Date
Attendees
- Rita McKissick
- Jon Zeolla
Goals
- Discuss ‘Single Pane of Glass’
Discussion items
What goal does a ‘Single pane of glass’ achieve?
Need to easily start and stop services - JZeolla
Need to easily troubleshoot - JZeolla
Get the basics operational - JZeolla
Health monitoring in general. - JZeolla
Alert when something is broken - JZeolla
Does the dashboard get to everything, or just the high level? - RMcKissick
How functional is it? Or is it just a navigation point with a lot of useful info? - JZeolla
That first page needs to be on a 60-inch screen - JZeolla
What are some examples?
iPhone - HLivian
Windows 10 - HLivian
Hub & Spoke UI Model
Flatten a hierarchy
Dashboard needs to be customizable - JZeolla
Need profiles for Servers and People - JZeolla
Need Slices and different views of things - JZeolla
Need to generate a report every day on this, an executive view - JZeolla
Need a concept for saved searches, shortcuts - JZeolla
Need to see what's being executed exactly. Debugging style view. - JZeolla
Output snapshots need to be escalated to me. - JZeolla
Is there some kind of case management system? - JZeolla
Want to share a link of where I am with someone else - JZeolla
Visualization Needs - JZeolla
Time-based trending with a focus on anomalies
Ordered lists by geo regions
How much data over protocols or ports
How are things trending over time.
Health check, what's having issues?
Constant visual for health
Very quickly it's going to get detailed, so being able to drill down is very important; drilling in is the most important use case.
Filter Lake Concept
Really like telling you the choices - JZeolla
Want to be able to export these metrics as a report - JZeolla
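The metrics in the visualization list above, as an added worked example that is not part of the meeting notes or of Metron's own code: it takes constructed flow records (the Flow layout, its region field and the sample values are assumptions), totals bytes by protocol/port and by region in descending order, builds an hourly trend per port, flags the hours that deviate from that trend with a median/MAD modified z-score, and assembles a dict that can be exported as a daily report.

```python
"""Flow records -> bytes per protocol/port, ordered regions, hourly trend,
anomalous hours, exportable report.  Added example, not Metron code; the
Flow layout and the sample data are assumptions."""
from collections import defaultdict
from datetime import datetime
from typing import List, NamedTuple, Tuple
import json
import statistics


class Flow(NamedTuple):
    ts: str       # ISO-8601 timestamp (assumed field layout)
    region: str   # geo region of the remote side (assumed field)
    proto: str    # "tcp" / "udp"
    port: int     # destination port
    nbytes: int   # bytes transferred


def build_sample_flows() -> List[Flow]:
    """Constructed sample data, not real traffic: a steady HTTPS baseline with
    one deliberate spike at 13:00, flat DNS, and SSH only every sixth hour."""
    flows = []
    for hour in range(24):
        ts = f"2016-03-01T{hour:02d}:00:00"
        https = 60000 if hour == 13 else 1000 + (hour % 3) * 50
        flows.append(Flow(ts, "US", "tcp", 443, https))
        flows.append(Flow(ts, "DE", "udp", 53, 200))
        if hour % 6 == 0:
            flows.append(Flow(ts, "CN", "tcp", 22, 4000))
    return flows


def bytes_by_port(flows: List[Flow]) -> List[Tuple[str, int]]:
    """'How much data over protocols or ports', largest first."""
    totals = defaultdict(int)
    for f in flows:
        totals[f"{f.proto}/{f.port}"] += f.nbytes
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


def bytes_by_region(flows: List[Flow]) -> List[Tuple[str, int]]:
    """'Ordered lists by geo regions', largest first."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.region] += f.nbytes
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


def hourly_trend(flows: List[Flow], proto: str, port: int) -> List[int]:
    """Bytes per hour of day for one protocol/port.  Hours with no flows are
    kept as 0 so a service that went quiet shows up instead of disappearing."""
    series = [0] * 24
    for f in flows:
        if f.proto == proto and f.port == port:
            series[datetime.fromisoformat(f.ts).hour] += f.nbytes
    return series


def anomalous_hours(series: List[int], threshold: float = 3.5) -> List[int]:
    """Hours whose modified z-score exceeds the threshold.  Median and MAD are
    used so a single spike does not inflate the baseline it is measured
    against.  If the MAD is 0 (more than half the hours identical) fall back to
    the mean absolute deviation; if that is 0 too the series is flat and
    nothing is flagged."""
    med = statistics.median(series)
    devs = [abs(x - med) for x in series]
    mad = statistics.median(devs)
    if mad:
        scores = [0.6745 * (x - med) / mad for x in series]
    else:
        mean_dev = statistics.mean(devs)
        if not mean_dev:
            return []
        scores = [(x - med) / (1.253314 * mean_dev) for x in series]
    return [h for h, s in enumerate(scores) if abs(s) > threshold]


def build_report(flows: List[Flow]) -> dict:
    """Executive-view report: top ports, top regions, per-port anomalous hours."""
    report = {
        "top_ports": bytes_by_port(flows),
        "top_regions": bytes_by_region(flows),
        "anomalies": {},
    }
    for key, _ in report["top_ports"]:
        proto, port = key.split("/")
        hours = anomalous_hours(hourly_trend(flows, proto, int(port)))
        if hours:
            report["anomalies"][key] = hours
    return report


if __name__ == "__main__":
    # json.dumps is the export step; swap for CSV or a template as needed.
    print(json.dumps(build_report(build_sample_flows()), indent=2))
```

Note the edge case the sample data exercises: the SSH port only carries traffic four hours a day, so against its mostly silent baseline every one of those hours scores as anomalous. That is the kind of result the "ordered list plus drill down" view is for; the analyst who clicks through sees a regular cron-like pattern rather than an incident, which is exactly the distinction a saved search or baseline profile would later encode.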
Should roles have different UI? - JZeolla
Roles should have a baseline, then tweak.
Data science wants a custom-only interface; they are rarely satisfied with any stock visuals and always want to create their own.
Big team versus small team
Big team has major separation of duties
Novice users might have little training but need to dig into the data
A lot more detailed needs in larger teams
Smaller team: all senior level
Would making learning models proprietary keep them safe?
Determined attacker will get it anyway.
They will pay just to reverse engineer the algorithm
Has seen some buzz and even classes on subverting machine learning models
App Store
An open exchange would be great for learning models or enrichments - JZeolla
Would like to submit enrichments to the community - JZeolla
Splunk has an App Store - JZeolla
- Jon Zeolla Interview
- Carnegie Mellon University (CMU) SOC Team
- SOC Team has 12 Members
- Has a 60-inch monitor that shows status when they walk into the office
- He supports Operations and provisions access as a Platform Engineer
- Very interested in Metron; wants to know how committed we are to investing in building a system
- Metron architecture exactly matches what he was hoping to build for CMU
- Two years ago he set out to redesign the system; the OpenSOC architecture inspired him.
- Runs meetups and conferences in Pittsburgh
- Invited Hortonworks to visit if we are in Pittsburgh
- Open to giving perspective
- Really excited. Looking at doing seam implementation. Make this 80% of day-to-day.
Action items
- @Houshang to mockup Saved Search