Uploaded image for project: 'Metron (Retired)'
  1. Metron (Retired)
  2. METRON-1608

Add configuration for threat.triage.field name

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Done
    • Major
    • Resolution: Done
    • None
    • 0.6.0
    • None

    Description

      Currently there is an option for replacing '.'s with ':'s in Elasticsearch field names.  This is the default behavior.  However our current version of Elasticsearch (5.6.2) now allows '.'s so it's possible for users to use '.'s instead.  In the DAO implementation (metaalerts specifically), the threat.triage.field is hardcoded with ':'s and will not work properly if a user switches to using '.'s.

      Attachments

        Issue Links

          is depended upon by

          Improvement - An improvement or enhancement to an existing feature or task. METRON-1622 Allow user to define global property 'threat.triage.score.field' in Ambari

          • Major - Major loss of function.
          • Done
          is duplicated by

          Sub-task - The sub-task of the issue METRON-1600 Solr should be using threat.triage.score everywhere instead of threat:triage:score (back end)

          • Major - Major loss of function.
          • Done
          links to

          Web Link GitHub Pull Request #1055

          Activity

            People

              rmerriman Ryan Merriman
              rmerriman Ryan Merriman
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: