James -
Thank you for your response. I've also included Prateek's email below, as I'd like to talk to that as well. I do appreciate the work that has been done on OpenSOC. Let me say that what drew me to this was the presentation and the concept. The idea that something like this has been looked at and funded was intriguing to me, despite my already mentioned hesitancy.
To your first point about intentions. I think even in my initial email I made a point to separate the folks working on the project (such as yourself) from the actions of the overall company or the individuals who are making the sales pushes. We know there are great people working at large companies, and that's what I liked about this project. I would advocate that in creating a grassroots community, an org like Cisco could do well to look at some of the other small communities in the data space. Spark, Storm, Mesos, Kafka, etc. all seem to have vibrant communities where the startup companies are plugged in as part of their jobs. Not just to develop, but to interact. Have team members take turns responding to questions, set guidelines for how people respond to try to stay vendor neutral. Try to identify contributors and work to facilitate their work even outside of your dev team. I asked for Wiki access a while ago to no response. I am not sure how community driven a password protected wiki is (even to read!). You WANT others who have implemented things starting to help those who are trying to implement, however, if NO ONE outside of your can implement without your org's help, then it feels less about community and more about Cisco/Hortonworks.
Another point here, the presentation on the website talks about all the tuning that went into getting things set up and humming along, but I could not find examples or explanations on what was tweaked to get that performance. What changes were made? How can we configure our tools to do this type of stuff better? Once again, this seems odd to me, teasing these performance tweaks, but not actually publishing them.
Second Point: I am sorry to disagree with you on this, but you are Cisco. Perceptions are reality to many people, and I can appreciate your point of view, but consider this. If you have to explain what you did in your post to every person who questions Cisco's involvement, then you are in a sense proving the perception issue. To break that perception, and help people think more openly about Cisco, there needs to be that community involvement, let people see for themselves that their perception is incorrect. Unfortunately, for every loud-mouthed poster like myself, there are likely 10-20 others who just say "meh, Cisco sales", say nothing and walk away, thus you never get a chance to respond to their perceptions. Given that you work at Cisco, that lies on your shoulders. In addition, on the Hortonworks stuff, they didn't try to "sell" me OpenSOC, instead it was a reaching out to talk about how they support OpenSOC and wanted to help sell that support and the Hortonworks platform. To me, it was still trolling the boards trying to sell me something, but I am not sure if it makes a difference in how you approach. I will follow up with you privately to provide more details.
Third Point: This is where helping the community and being proactive would help you. Getting some folks involved in your direction, to help drive things. Breaking up parts of OpenSOC so you can "install" these pieces and see it in a basic form and add more as needed. I'd love to talk to you about your data model and taking the Kafka related stuff in looking to integrate pieces from the Confluent platform for Schema Management. Provide you information on how others (like my org) have done a Security Data platform, and how to make it a great platform for Security, while still handling other information well. But as of now, people struggle just to get to see something of the project working. It has all the pieces, but is missing the community to make it great.
I also wanted to take time to address Prateek's email. While I appreciate the support, I do feel Prateek's Analysis comments could use some thoughts: Basically, I see OpenSOC as a framework of tools that one can use to see better into your network traffic, alerts, events etc. The analysis will always need to be done at a human level. OpenSOC gives your analysts data at their fingertips, without having to dig around all over the place, that is awesome. I love what I see in the potential of OpenSOC, but one thing I DON'T expect out of OpenSOC is to do the analysis part for me.
I hope that helps to clarify my thoughts to both posts. Like I said, work needs to be done on the community side; perhaps that can repair things. I can be hopeful.
John
Prateek's email