The Eagle project was invited to the HackIllinois event: https://www.hackillinois.org/

One idea is to develop a security event correlation platform on which users can easily onboard new metrics and model correlations between metrics.

So that students can focus on the design of the correlation platform, we won't use Eagle's existing HBase storage, REST API, DSL, or dynamic policy framework. Instead, we build this prototype on MySQL, and students have to write a new API and build the Storm topology from scratch.

The basic requirements are:

  1. Design tables: metricSchemaDef, metricGroupDef, policyDef
  2. Storm topology: one spout + N correlation bolts
  3. Spout
    1. reference KafkaSpout, but fundamental changes may be needed if we want to support multiple topics
    2. maintain a route table that maps metricGroup to correlation bolt ID. This table must be identical across all spout instances, so that every metric of a group reaches the same bolt
    3. read metricGroupDef and metricSchemaDef in the background and spawn a new thread to read each new metric
  4. Correlation bolt
    1. read policyDef
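The following is an added example that models the design above in plain Python; it is not Eagle project code and not Storm code. It assumes column layouts for metricSchemaDef, metricGroupDef and policyDef (the proposal names the tables but not their columns), represents them as in-memory dicts, and stands in for the spout and bolts with ordinary functions and a class. The point it demonstrates is the route-table requirement: the mapping from metricGroup to bolt ID is derived only from the group name and the bolt count, so every spout instance computes the same table without coordination, and all metrics of one group land in the one bolt that correlates them. It also shows a schema check at the spout (malformed events are dropped before routing) and a simple threshold-in-window policy evaluated by the bolt.

```python
"""Added example (not Eagle or Storm code): in-memory model of the proposed
spout route table, schema validation, and a correlation bolt's policy check."""
import hashlib
from collections import defaultdict, deque

# Constructed sample rows for the three proposed tables; column names are assumptions.
METRIC_SCHEMA_DEF = {              # metric name -> required fields
    "hdfs.audit": ["timestamp", "user", "cmd", "src"],
    "auth.failure": ["timestamp", "user", "host"],
    "cpu.load": ["timestamp", "host", "value"],
}
METRIC_GROUP_DEF = {               # metric name -> metricGroup
    "hdfs.audit": "user_activity",
    "auth.failure": "user_activity",
    "cpu.load": "host_health",
}
POLICY_DEF = [                     # hypothetical policy: N events per key within a window
    {"name": "auth_failure_burst", "metricGroup": "user_activity",
     "metric": "auth.failure", "key": "user", "threshold": 3, "window": 60},
]

# Constructed sample stream (seconds as timestamps). The t=15 event lacks "host".
SAMPLE_EVENTS = [
    ("auth.failure", {"timestamp": 0, "user": "alice", "host": "h1"}),
    ("auth.failure", {"timestamp": 10, "user": "alice", "host": "h1"}),
    ("auth.failure", {"timestamp": 15, "user": "alice"}),
    ("auth.failure", {"timestamp": 20, "user": "bob", "host": "h2"}),
    ("hdfs.audit", {"timestamp": 25, "user": "alice", "cmd": "open", "src": "/tmp/x"}),
    ("auth.failure", {"timestamp": 30, "user": "alice", "host": "h1"}),
    ("cpu.load", {"timestamp": 40, "host": "h3", "value": 0.9}),
]


def build_route_table(metric_group_def, num_bolts):
    """metricGroup -> bolt id, computed from the group name alone.
    Every spout instance reading the same metricGroupDef gets the same table."""
    table = {}
    for group in sorted(set(metric_group_def.values())):
        digest = hashlib.sha256(group.encode("utf-8")).digest()
        table[group] = int.from_bytes(digest[:8], "big") % num_bolts
    return table


def validate(metric_name, event):
    """Spout-side check against metricSchemaDef: drop unknown or incomplete events."""
    required = METRIC_SCHEMA_DEF.get(metric_name)
    return required is not None and all(f in event for f in required)


def route(metric_name, metric_group_def, route_table):
    """Bolt id for a metric via its group; None for a metric with no group."""
    group = metric_group_def.get(metric_name)
    return None if group is None else route_table[group]


class CorrelationBolt:
    """Holds only the policies whose metricGroup routes to this bolt."""

    def __init__(self, bolt_id, policies, route_table):
        self.bolt_id = bolt_id
        self.policies = [p for p in policies if route_table[p["metricGroup"]] == bolt_id]
        self.windows = defaultdict(deque)   # (policy name, key value) -> timestamps
        self.alerts = []

    def execute(self, metric_name, event):
        for p in self.policies:
            if p["metric"] != metric_name:
                continue
            win = self.windows[(p["name"], event[p["key"]])]
            win.append(event["timestamp"])
            while win and event["timestamp"] - win[0] > p["window"]:
                win.popleft()               # expire timestamps outside the window
            if len(win) >= p["threshold"]:
                self.alerts.append({"policy": p["name"], "key": event[p["key"]],
                                    "bolt": self.bolt_id, "at": event["timestamp"]})
                win.clear()                 # one alert per burst
        return self.alerts


def run_demo(num_bolts=4):
    """Feed SAMPLE_EVENTS through spout-side validation/routing into the bolts."""
    route_table = build_route_table(METRIC_GROUP_DEF, num_bolts)
    bolts = {i: CorrelationBolt(i, POLICY_DEF, route_table) for i in range(num_bolts)}
    rejected = 0
    for metric, event in SAMPLE_EVENTS:
        if not validate(metric, event):
            rejected += 1
            continue
        bolts[route(metric, METRIC_GROUP_DEF, route_table)].execute(metric, event)
    alerts = [a for b in bolts.values() for a in b.alerts]
    return route_table, alerts, rejected


if __name__ == "__main__":
    table, alerts, rejected = run_demo()
    print("route table:", table)
    print("rejected events:", rejected)
    print("alerts:", alerts)
```

Because the table is a pure function of the group names and the bolt count, adding a second spout instance (or restarting one) cannot split a group across bolts; changing the bolt count does remap groups, which is the operational caveat of this scheme and the reason the bolt count belongs in the shared configuration rather than in each spout.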