Posted to issues@metron.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/04/01 16:41:25 UTC

[jira] [Commented] (METRON-93) Generalize the HBase threat intel infrastructure to support enrichments

    [ https://issues.apache.org/jira/browse/METRON-93?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15221780#comment-15221780 ] 

ASF GitHub Bot commented on METRON-93:
--------------------------------------

GitHub user cestella opened a pull request:

    https://github.com/apache/incubator-metron/pull/66

    METRON-93: Generalize the HBase threat intel infrastructure to support enrichments

    As it stands, the threat intel infrastructure is awkward. Namely, different threat intelligence sources must be pushed into separate hbase tables (malicious_ips separate from malicious_hosts, for instance). We'd rather have one table where the type is brought into the rowkey. Since this infrastructure is generalized, also add a simple hbase enrichment adapter.
    Furthermore, the configuration for a new enrichment should be added to zookeeper as part of the data load.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cestella/incubator-metron MET-129

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/66.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #66
    
----
commit 3e55257e092c0c5651d7b3b8c69d0d7ccd568fc7
Author: cstella <ce...@gmail.com>
Date:   2016-03-21T18:50:38Z

    Refactoring extractor framework to not use ThreatIntel anymore

commit 225ab51498c9bb978246a0ce1449d0dc97bbed97
Author: cstella <ce...@gmail.com>
Date:   2016-03-21T20:43:19Z

    Updating dataloads to not use threatintelkey/value anymore.

commit 72b3b0ec9814902c21774a7b0f486ee5af19d97a
Author: cstella <ce...@gmail.com>
Date:   2016-03-22T14:21:30Z

    Refactoring out the threat intel adapter stuff.

commit 6e4501d101ac41b407867c85ec76de0d31bc34b2
Author: cstella <ce...@gmail.com>
Date:   2016-03-23T18:13:24Z

    Updating test yaml.

commit 72eea03e35412f8720c0612776ced4709cca9697
Author: cstella <ce...@gmail.com>
Date:   2016-03-24T15:44:51Z

    Updating other adapters to use the new scheme.

commit b75c38a6343164aa050dba713f14322f861d6d78
Author: cstella <ce...@gmail.com>
Date:   2016-03-24T16:21:22Z

    Updating configuredbolt to not load configs unnecessarily.

commit 998f69e9d20396a55ccfeec07238b6b22fa386cf
Author: cstella <ce...@gmail.com>
Date:   2016-03-24T19:07:39Z

    updating

commit 3233e517b128de24dbfa5c2e9e58dcf32c1c876d
Author: cstella <ce...@gmail.com>
Date:   2016-03-25T14:07:04Z

    fixing utilities to update zookeeper.

commit 15bfed855815931fd1ed068c47506b5a039a5bfe
Author: cstella <ce...@gmail.com>
Date:   2016-03-28T17:32:12Z

    updated ansible

commit 0c58f2c32891e251c354ab23b09cc3db29ece817
Author: cstella <ce...@gmail.com>
Date:   2016-03-28T17:36:48Z

    Merge branch 'master' into MET-129

commit 19e3d94b5b2ee08498eee5b76d8e1479caa1c3ed
Author: cstella <ce...@gmail.com>
Date:   2016-03-28T18:57:42Z

    Whoops.

commit 00beb07eee99fc18e1d6f10530fa1c848889c3dc
Author: cstella <ce...@gmail.com>
Date:   2016-03-29T16:58:20Z

    Added test.

commit 2551af972e026add7eb4fecc5506907841456625
Author: cstella <ce...@gmail.com>
Date:   2016-03-29T18:16:13Z

    Unfolding the data in hbase before it goes into the index.

commit 0b0a62c2eca8ee1d8a72a6602e46c75200923ac0
Author: cstella <ce...@gmail.com>
Date:   2016-03-30T14:20:06Z

    Updating bolt.

commit 79dcbfff208aefd2bbfac09482dcaa393db39171
Author: cstella <ce...@gmail.com>
Date:   2016-03-30T21:02:52Z

    Updating to support multiget, etc.

commit d079c5d6df3248c68d1dd5304e1e257f7899a2c3
Author: cstella <ce...@gmail.com>
Date:   2016-03-31T19:01:24Z

    updating ansible.

commit 520cbf7350fdc43d09e769530d343d7aad5ee815
Author: cstella <ce...@gmail.com>
Date:   2016-04-01T14:07:29Z

    adding shell script

commit b4fc71e0a18ba9f2b897c3b01e16093903ed100a
Author: cstella <ce...@gmail.com>
Date:   2016-04-01T14:37:49Z

    Merging from master

----
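Added illustration of the single-table layout the PR description proposes (a type-qualified rowkey in place of one table per threat intel type); this is example code written for this post, not Metron's own key format or client. The length-prefixed `<n>:<type>:<indicator>` layout, the in-memory table and the sample rows are my assumptions.

```python
from typing import Dict, List, Optional, Tuple

def make_rowkey(ind_type: str, indicator: str) -> bytes:
    """Build <len(type)>:<type>:<indicator>. The length prefix keeps the key
    unambiguous when the indicator itself contains ':' (e.g. an IPv6 address)."""
    if not ind_type or ":" in ind_type:
        raise ValueError("type must be non-empty and contain no ':'")
    return f"{len(ind_type)}:{ind_type}:{indicator}".encode()

def parse_rowkey(rowkey: bytes) -> Tuple[str, str]:
    """Inverse of make_rowkey; raises on a key that does not fit the layout."""
    n_str, rest = rowkey.decode().split(":", 1)
    n = int(n_str)
    if len(rest) <= n or rest[n] != ":":
        raise ValueError("malformed rowkey")
    return rest[:n], rest[n + 1:]

class EnrichmentTable:
    """One table for every enrichment type; a dict stands in for HBase (assumed)."""
    def __init__(self) -> None:
        self.rows: Dict[bytes, dict] = {}

    def put(self, ind_type: str, indicator: str, value: dict) -> None:
        self.rows[make_rowkey(ind_type, indicator)] = value

    def get(self, ind_type: str, indicator: str) -> Optional[dict]:
        # A lookup is always scoped by type, so "10.0.0.1" as an ip and as a
        # host are distinct rows rather than a collision.
        return self.rows.get(make_rowkey(ind_type, indicator))

    def multiget(self, keys: List[Tuple[str, str]]) -> List[Optional[dict]]:
        # Batch lookup for several (type, indicator) pairs at once.
        return [self.get(t, i) for t, i in keys]

    def indicators_of_type(self, ind_type: str) -> List[str]:
        # Prefix scan over "<n>:<type>:"; because the length is part of the
        # prefix, scanning "host" never picks up rows of type "hostname".
        prefix = make_rowkey(ind_type, "")
        return sorted(parse_rowkey(k)[1] for k in self.rows if k.startswith(prefix))

def demo_table() -> EnrichmentTable:
    """Constructed sample rows (not real indicators) loaded into one table."""
    t = EnrichmentTable()
    t.put("ip", "10.0.0.1", {"source": "constructed-ip-list"})
    t.put("ip", "2001:db8::1", {"source": "constructed-ip-list"})
    t.put("host", "evil.example", {"source": "constructed-host-list"})
    t.put("hostname", "box.example", {"source": "constructed-other-list"})
    return t

if __name__ == "__main__":
    table = demo_table()
    print(table.get("ip", "10.0.0.1"), table.get("host", "10.0.0.1"))
    print(table.indicators_of_type("host"))
```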


> Generalize the HBase threat intel infrastructure to support enrichments
> -----------------------------------------------------------------------
>
>                 Key: METRON-93
>                 URL: https://issues.apache.org/jira/browse/METRON-93
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Casey Stella
>            Assignee: Casey Stella
>   Original Estimate: 504h
>  Remaining Estimate: 504h
>
> As it stands, the threat intel infrastructure is awkward.  Namely, different threat intelligence sources must be pushed into separate hbase tables (malicious_ips separate from malicious_hosts, for instance).  We'd rather have one table where the type is brought into the rowkey.  Since this infrastructure is generalized, also add a simple hbase enrichment adapter.
> Furthermore, the configuration for a new enrichment should be added to zookeeper as part of the data load.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)