Ahoy List!
I have pushed some new features to the repo:
* Organization report: A new report which is targeted at organizations with a
huge volume of abuse cases, e.g. ISPs and web hotels. Instead of getting one
email per data source, they will receive only one report every 24 hours that
is machine parsable. The job-types to include in the report are specified
using the property "report.organization.jobTypes", and organizations to send
the report to are specified with "report.organization.recipients".
* MultithreadedDnsProcessor: Makes DNS lookups and reverse lookups in multiple
threads to increase performance. See the following configurations:
ip-flowing and ip-flowing-verbose [1][2]. DNS lookups have been a performance
bottleneck, and this new function gives a significant performance boost.
* Attachment: An attachment with all the log rows in the mail body can now be
added. The attachment is in tab-separated format and is machine parsable.
* In addition, I have fixed some bugs and other quirks.
We will add some more features and do some testing, and then we will release
version 1.0.11. The plan is then to do some minor changes in the data model
and add some features, and make a new release. We hope to be finished before
the summer vacation.
If you have requests for a new feature or a bug report, now is the time to
submit it.
[1] https://github.com/cert-se/megatron-java/blob/master/conf/job-type/ip-flowing.properties
[2] https://github.com/cert-se/megatron-java/blob/master/conf/job-type/ip-flowing-verbose.properties
/Tor