Posted to dev@metron.apache.org by Laurens Vets <la...@daemon.be> on 2017/09/28 16:09:47 UTC

[DISCUSS] Is there a reason for separate Management & Alerts UIs?

As the subject says, is there a specific reason to have the Management & 
Alerts UI separate?

Having another option under "Operations" called "Alerts" in the 
Management UI seems to make more sense to me... If it's because they are 
called Management UI and Alerts UI, maybe we should make it more general 
and name it Metron UI?

Re: [DISCUSS] Is there a reason for separate Management & Alerts UIs?

Posted by James Sirota <js...@apache.org>.
At some point in the future we may think about converging them because functions like defining threat rules and setting up profiles may overlap the SOC and ops personnel.  But as you said, the initial intent was that the two UIs target two different user personas. 

02.10.2017, 11:35, "Nick Allen" <ni...@nickallen.org>:
> I think the main reason historically is that each UI has different use
> cases and user roles. The Management UI will mainly be used by a Security
> Platform Engineer, while the Alerts UI will be used by a SOC Analyst,
> Investigator or Manager.
>
> That being said, I am not against a single, unified UI, as long as it is
> paired with appropriate role-based access controls.
>
> On Thu, Sep 28, 2017 at 12:10 PM Laurens Vets <la...@daemon.be> wrote:
>
>>  As the subject says, is there a specific reason to have the Management &
>>  Alerts UI separate?
>>
>>  Having another option under "Operations" called "Alerts" in the
>>  Management UI seems to make more sense to me... If it's because they are
>>  called Management UI and Alerts UI, maybe we should make it more general
>>  and name it Metron UI?

------------------- 
Thank you,

James Sirota
PPMC- Apache Metron (Incubating)
jsirota AT apache DOT org

Re: [DISCUSS] Is there a reason for separate Management & Alerts UIs?

Posted by Nick Allen <ni...@nickallen.org>.
I think the main reason historically is that each UI has different use
cases and user roles.  The Management UI will mainly be used by a Security
Platform Engineer, while the Alerts UI will be used by a SOC Analyst,
Investigator or Manager.

That being said, I am not against a single, unified UI, as long as it is
paired with appropriate role-based access controls.



On Thu, Sep 28, 2017 at 12:10 PM Laurens Vets <la...@daemon.be> wrote:

> As the subject says, is there a specific reason to have the Management &
> Alerts UI separate?
>
> Having another option under "Operations" called "Alerts" in the
> Management UI seems to make more sense to me... If it's because they are
> called Management UI and Alerts UI, maybe we should make it more general
> and name it Metron UI?
>