metron-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (METRON-35) Implement threat intelligence message enrichment
Date Sat, 13 Feb 2016 07:14:18 GMT

    [ https://issues.apache.org/jira/browse/METRON-35?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15145850#comment-15145850
] 

ASF GitHub Bot commented on METRON-35:
--------------------------------------

Github user cestella commented on the pull request:

    https://github.com/apache/incubator-metron/pull/22#issuecomment-183613907
  
    I want to point out a couple of other things this PR provides that aren't strictly associated
with the feature above, but are general cleanup tasks:
    
    * Removed lingering hbase-site.xml which have a bad habit of finding their way onto the
classpath and confusing HBase in integration tests
    * The split of integration tests (defined as a test that ends with "IntegrationTest")
into the integration-test maven lifecycle phase
    * Using the shade maven plugin to relocate our guava dependency so that we can use a more
recent version of Guava than 12 (which is the most recent that HBase will allow due to google's
habit of aggressive removal of deprecated code).  This comes up when running HBase in minicluster
mode as well as in situations when running bolts which have to package the hbase-client.
    * General cleanup of the build to use the version properties instead of hard coding different
versions of common components (e.g. hbase-client, storm-core, etc.)


> Implement threat intelligence message enrichment
> ------------------------------------------------
>
>                 Key: METRON-35
>                 URL: https://issues.apache.org/jira/browse/METRON-35
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: Casey Stella
>            Assignee: Casey Stella
>   Original Estimate: 336h
>  Remaining Estimate: 336h
>
> Create the infrastructure to 
> * Bulk ingest threat intelligence feeds from CSV and Stix data sources into HBase
> * Enrich messages who have fields which match the threat intelligence data in HBase
> * Create the infrastructure to remove unused threat intelligence data
> * Augment the Packet capture topology to incorporate a malicious IP threat intel tagger
> The tagging infrastructure much meet the following criteria:
> * They are downstream of the enrichments
> * The threat intelligence bolts execute in parallel with a similar architecture as the
enrichments (i.e. split and join).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message