[METRON-1554] Pcap Query Panel - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Done
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 0.6.0
Labels:
None

Description

Legacy OpenSOC included a panel in Kibana that allowed users to query for pcap data. We would like to add this feature back into Metron. There are 2 discussions happening on the dev list where we are gathering user requirements:

http://mail-archives.apache.org/mod_mbox/metron-dev/201805.mbox/%3CCAEVkqPYxfe3Q65mX7Mkuk_FKUCV420yb6hcLmf+FF=1OZERFoQ@mail.gmail.com%3E

and working through the backend architecture:

http://mail-archives.apache.org/mod_mbox/metron-dev/201805.mbox/%3CCAEVkqPbxzJNU_WGRbFWnZ-MVqnKb7mthEdvEQ9PLYhwfiT7F0g@mail.gmail.com%3E

Forthcoming sub tasks will be based on the outcome of these discussions.

Attachments

Issue Links

links to

GitHub Pull Request #1103

GitHub Pull Request #1169

Sub-Tasks

1.	Update REST to run YARN and MR jobs	Done	Ryan Merriman
2.	PcapJob should be asynchronous	Done	Michael Miklavcic
3.	Enable paging through Pcap result sets	Done	Michael Miklavcic
4.	Update MPack to support Pcap panel	Done	Ryan Merriman
5.	Enable Kerberos in REST for YARN and MR jobs	Done	Ryan Merriman
6.	Create job status abstraction	Done	Michael Miklavcic
7.	Retrieve Pcap results in pdml format	Done	Ryan Merriman
8.	Create Pcap Query Filter endpoint	Done	Ryan Merriman
9.	Create PCAP UI	Done	Tibor Meller
10.	Create REST endpoint for job status abstraction	Done	Ryan Merriman
11.	PCAP UI - Downloading PCAP page files	Done	Tibor Meller
12.	PCAP UI - Introduce the paging capability	Done	Shane Ardell
13.	PCAP UI - Add data range selector to the filter bar	Done	Tibor Meller
14.	PCAP UI - Fix the download progress bar	Done	Shane Ardell
15.	Retrieve Pcap results in raw binary format	Done	Ryan Merriman
16.	Create stop job endpoint for Pcap queries	Done	Michael Miklavcic
17.	Add more context to PcapJob JobStatus	Done	Michael Miklavcic
18.	REST should limit the number of Pcap jobs a user can submit	Done	Ryan Merriman
19.	Fix Pcap CLI local FS finalizer	Done	Michael Miklavcic
20.	Create REST endpoint to get job configuration	Done	Ryan Merriman
21.	Reload a running job in the UI	Done	Ryan Merriman
22.	PCAP UI - Input validation	Done	Tibor Meller
23.	PCAP UI - Add a way to kill a pcap job	Done	Tibor Meller
24.	Add tests to handle different input parameter values	Done	Ryan Merriman
25.	Better error messages when there are no results or wireshark is not installed	Done	Ryan Merriman
26.	New default input path is wrong in pcap CLI	Done	Ryan Merriman
27.	PcapCLI should print progress to stdout	Done	Ryan Merriman
28.	PCAP UI - Unable to select/copy from packets details in PCAP query panel	Done	Shane Ardell
29.	Add ability to specify YARN queue for pcap jobs	Done	Ryan Merriman
30.	Refactor PcapTopologyIntegrationTest	Done	Michael Miklavcic
31.	Handle null values in config in Pcap backend more gracefully	Done	Michael Miklavcic
32.	PCAP - Escape colons in output dir names	Done	Michael Miklavcic
33.	Enable Pcap jobs to be submitted asynchronously	Done	Michael Miklavcic
34.	Fix job status liveness bug and parallelize finalizer file writing	Done	Michael Miklavcic
35.	PCAP UI - PCAP queries don't work on Safari	Done	Shane Ardell
36.	Src and Dst port filters are incorrect after changing to empty	Done	Ryan Merriman
37.	Empty print status option causes NPE	Done	Ryan Merriman
38.	Document Job cleanup	Done	Ryan Merriman
39.	Pcap parser fails to write pacap sequence file to hdfs on kerberized cluster	Done	Mohan Venkateshaiah
40.	Pcap directories should have correct permissions	Done	Ryan Merriman
41.	UDP packets are not handled	Done	Ryan Merriman

Activity

People

Assignee:: Ryan Merriman

Reporter:: Ryan Merriman

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 14/May/18 13:38

Updated:: 04/Sep/18 17:18

Resolved:: 04/Sep/18 17:18