Posted to user@metron.apache.org by Euan Hope <ho...@gmail.com> on 2020/02/19 15:50:42 UTC

Having more than one use case on a Metron instance

Hi again Metron community.

Sorry to post another question in such quick succession.

Our client has asked us to implement another use case on the Metron
instance we have set up for them. This new use case uses similar data to
the original use case but the threat triage rules for scoring the records
are very different.

The request was to have another tab in the Alerts UI so that the different
SOC analysts could use different screens for the different use cases.

Is there any way to configure this? And if not, does anyone in the
community have suggestions on how to approach this?

Thanks in advance for the help.

Re: Having more than one use case on a Metron instance

Posted by Simon Elliston Ball <si...@simonellistonball.com>.
Not at present, no, but you can just open multiple instances. Saved
searches are also per user, so that might provide a workaround.

Simon

On Wed, 19 Feb 2020 at 16:23, Euan Hope <ho...@gmail.com> wrote:

> Thanks so much for the quick feedback. I will put this forward to the
> client.
>
> To gain a sense of what is possible, is there possibly a way to configure
> more tabs in the Alerts UI (for example, there is the PCAP tab available in
> our UI)?
>
> Or possibly as another alternative, is it possible to configure different
> Alerts UI for different users. Say for example that user A can only access
> Alerts UI A, user B can only access Alerts UI B?
>
> Thanks again for your input, it is very much appreciated.
>
--
simon elliston ball
@sireb

Re: Having more than one use case on a Metron instance

Posted by Euan Hope <ho...@gmail.com>.
Thanks so much for the quick feedback. I will put this forward to the
client.

To gain a sense of what is possible, is there possibly a way to configure
more tabs in the Alerts UI (for example, there is the PCAP tab available in
our UI)?

Or possibly as another alternative, is it possible to configure different
Alerts UI for different users. Say for example that user A can only access
Alerts UI A, user B can only access Alerts UI B?

Thanks again for your input, it is very much appreciated.

On Wed, Feb 19, 2020 at 5:59 PM Simon Elliston Ball <
simon@simonellistonball.com> wrote:

> I would suggest using saved searches, which also remember the selected
> columns.
>
> Simon

Re: Having more than one use case on a Metron instance

Posted by Simon Elliston Ball <si...@simonellistonball.com>.
I would suggest using saved searches, which also remember the selected
columns.

Simon

On Wed, 19 Feb 2020 at 15:51, Euan Hope <ho...@gmail.com> wrote:

> Hi again Metron community.
>
> Sorry to post another question in such quick succession.
>
> Our client has asked us to implement another use case on the Metron
> instance we have set up for them. This new use case uses similar data to
> the original use case but the threat triage rules for scoring the records
> are very different.
>
> The request was to have another tab in the Alerts UI so that the different
> SOC analysts could use different screens for the different use cases.
>
> Is there any way to configure this? And if not, does anyone in the
> community have suggestions on how to approach this?
>
> Thanks in advance for the help.
>
-- 
--
simon elliston ball
@sireb