Date

Attendees

Goals

  • Discuss ‘Single Pane of Glass’

Discussion items

  1. What goal does a ‘Single pane of glass’ achieve?

    1. Need easy start and stop of services - JZeolla

    2. Need to easily troubleshoot - JZeolla

    3. Get Basic operational - JZeolla

    4. Health monitoring in general. - JZeolla

    5. Alert when something is broken - JZeolla

    6. Dashboard gets to everything or just high level. - RMcKissick

    7. How functional is it? Or is it just a navigation point with a lot of useful info? - JZeolla

    8. That first page needs to be on a 60-inch screen - JZeolla

  2. What are some Examples?

    1. iPhone - HLivian

    2. Windows 10 - HLivian

  3. Hub & Spoke UI Model

    1. Flatten a hierarchy

    2. Dashboard needs to be customizable - JZeolla

    3. Need profiles for Servers and People - JZeolla

    4. Need Slices and different views of things - JZeolla

    5. Need to generate a report every day on this, an Executive View - JZeolla

    6. Need a concept for saved searches, shortcuts - JZeolla

    7. Need to see what's being executed exactly. Debugging style view. - JZeolla

    8. Output snapshots need to be escalated to me. - JZeolla

    9. Is there some kind of Case Management system? - JZeolla

    10. Want to share a link of where I am with someone else - JZeolla

    11. Visualization Needs - JZeolla

      1. Time based trending with focus on anomalies

      2. Ordered lists by geo regions

      3. How much data over protocols or ports

      4. How are things trending over time.

      5. Health check, what's having issues?

      6. Constant visual for health

    12. Very quickly it's going to get detailed; being able to drill down is very important, and drilling in is the most important use case.

  4. Filter Lake Concept

    1. Really like telling you the choices - JZeolla

    2. Want to be able to export these metrics as a report - JZeolla

  5. Should roles have different UI? - JZeolla

    1. Roles should have a baseline. Then tweak

    2. Data science wants custom only interface, they are rarely satisfied with any stock visuals, they always want to create their own.

    3. Big Team versus small Team

      1. Big Team has major separation of duty

      2. Novice users might have little training but need to dig into the data

      3. A lot more detailed needs in larger teams

      4. Smaller Team: All senior level in smaller team

  6. Would making Learning Models proprietary keep them safe?

    1. Determined attacker will get it anyway.

    2. They will pay just to reverse engineer the algorithm

    3. Has seen some buzz and even classes on subverting Machine Learning Models

  7. App Store

    1. Open Exchange would be great for Learning Models or enrichments - JZeolla

      1. Would like to submit enrichments to the community - JZeolla

    2. Splunk has an App Store - JZeolla

  8. Jon Zeolla Interview

    1. Carnegie Mellon University (CMU) SOC Team

      1. SOC Team has 12 members

      2. Has a 60-inch monitor that shows status when they walk in the office

      3. He supports Operations and provisions access as a Platform Engineer

      4. Very interested in Metron; wants to know how committed we are to investing in building a system

      5. Metron Architecture exactly matches what he was hoping to build for CMU

      6. Two years ago he set out to redesign the system. OpenSOC Architecture inspired him.

    2. Runs Meetups and Conferences in Pittsburgh

    3. Invited Hortonworks to visit if we are in Pittsburgh

    4. Open to giving perspective

      1. Really excited. Looking at doing seam implementation. Make this 80% of day to day.

Action items

  • @Houshang to mockup Saved Search