spot-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Castille Epee <castleguard...@gmail.com>
Subject Re: Hardcoded reputation check in flow.
Date Tue, 26 Sep 2017 21:36:31 GMT
Thanks Ricardo. The intent is to contribute it if there is interest. The
current implementation uses mysql. There is some reluctance in adding yet
another dependency. Metron seems to be using hbase for similar functions,
again a new dependency. We are also debating a free service vs. locally
hosted.

Opened another pull request for a different bug fix.

On Tue, Sep 26, 2017, 11:10 AM Barona, Ricardo <ricardo.barona@intel.com>
wrote:

> Nice, I saw your pull request. I just added a comment about testing it
> with no rep services at all.
>
> In a side question, is your in-house reputation service something other
> people could ever use? If so, it’d be great if you can share your
> implementation of your reputation service client. If it’s not the case then
> it’s ok.
>
> Thanks!
>
> On 9/26/17, 1:00 PM, "Castille Epee" <castleguarders@gmail.com> wrote:
>
>     Hi Ricardo,
>
>     Just sent a pull request with changes to make it generic. Tested
> working
>     with an in house reputation service. Don't have access to gti or fb to
> test
>     with. Tested with unconfigured gti and fb.
>
>     On Tue, Sep 26, 2017, 8:28 AM Barona, Ricardo <
> ricardo.barona@intel.com>
>     wrote:
>
>     > Hi Castille,
>     >
>     > Can you share the line of code where you are seeing this?
>     >
>     > Thanks!
>     >
>     > On 9/25/17, 11:02 PM, "Castille Epee" <castleguarders@gmail.com>
> wrote:
>     >
>     >     Flow hard codes gti as the only reputation source. Proxy on the
> other
>     > hand
>     >     refers correctly to the reputation json config file, and
> generically
>     > uses
>     >     the appropriate modules.
>     >
>     >     Wondering why flow doesn't take the same, obviously simpler and
> better
>     >     approach? Any interest in a patch that makes flow do the same as
> proxy?
>     >
>     >
>     >
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message