Open alexmac opened 6 years ago
Thanks for reaching out!
For those sorts of large-scale policy decisions, we moved away from trying to surface the necessary data in the UI and now mainly rely on BigQuery. It allows for a SQL-based interface to generate metrics like "The certs with the most unique binaries detected on the fleet" or "The hosts with the most number of unique block events".
While these sorts of statistics aren't impossible to do with Datastore, they don't scale as well as we would like. BigQuery, on the other hand, doesn't even blink at that sort of scale.
If you'd like to do the same, we have instructions to set up BigQuery streaming here.
Thanks again!
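An added example, not part of the original thread or Upvote's own code: the two metrics named in the reply above, written as plain SQL aggregations and run against an in-memory SQLite table as a local stand-in for BigQuery. The `events` table, its column names and every row are assumptions constructed for illustration, not Upvote's BigQuery schema.

```python
import sqlite3

# Constructed sample events as (host_id, binary_sha256, cert_sha256, publisher,
# decision). Table and column names are hypothetical, not Upvote's schema.
ROWS = [
    ("host-a", "bin-01", "cert-aa", "Example Dev Tools", "BLOCK"),
    ("host-b", "bin-01", "cert-aa", "Example Dev Tools", "BLOCK"),  # same binary, second host
    ("host-a", "bin-02", "cert-aa", "Example Dev Tools", "BLOCK"),
    ("host-c", "bin-03", "cert-aa", "Example Dev Tools", "ALLOW"),
    ("host-b", "bin-04", "cert-bb", "Example Chat Inc", "BLOCK"),
    ("host-b", "bin-04", "cert-bb", "Example Chat Inc", "BLOCK"),   # repeated event
    ("host-c", "bin-05", None, None, "BLOCK"),                      # unsigned binary
]

# Certificates by distinct signed binaries; unsigned rows can't get a cert rule.
TOP_CERTS = """
SELECT cert_sha256, publisher,
       COUNT(DISTINCT binary_sha256) AS unique_binaries,
       COUNT(DISTINCT host_id)       AS hosts
FROM events
WHERE cert_sha256 IS NOT NULL
GROUP BY cert_sha256, publisher
ORDER BY unique_binaries DESC, cert_sha256
"""

# Hosts ranked by distinct blocked binaries; repeated events count once.
TOP_BLOCKED_HOSTS = """
SELECT host_id, COUNT(DISTINCT binary_sha256) AS unique_blocks
FROM events
WHERE decision = 'BLOCK'
GROUP BY host_id
ORDER BY unique_blocks DESC, host_id
"""

def load(rows):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (host_id TEXT, binary_sha256 TEXT, "
               "cert_sha256 TEXT, publisher TEXT, decision TEXT)")
    db.executemany("INSERT INTO events VALUES (?, ?, ?, ?, ?)", rows)
    return db

def top_certs(db):
    return db.execute(TOP_CERTS).fetchall()

def top_blocked_hosts(db):
    return db.execute(TOP_BLOCKED_HOSTS).fetchall()

if __name__ == "__main__":
    print(top_certs(load(ROWS)), top_blocked_hosts(load(ROWS)))
```

Both statements use only `COUNT(DISTINCT ...)` with `GROUP BY`, so the same text should carry over to BigQuery standard SQL once the table and column names are mapped to the real dataset.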
Cool, that'll work to some extent.
We might even disable all of Upvote's UI, since we really just want a data ingest backend for Santa to help us make the rules. At the scale of our deployment and lockdown needs, having this social voting feature isn't really as interesting to us as being able to monitor and create rules.
I've implemented this in: https://github.com/google/upvote/issues/24
I'm starting to roll out Santa/Upvote to a number of machines and trying to figure out the best way to manage the initial creation of the whitelist (presumably easier going forward, as we won't expect much new stuff to show up).
It would be nice if there was a "publishers" view on the Upvote dashboard to make it easier to go through and mass whitelist certificates at the global level, perhaps sorted by how many apps fall under each certificate.