It provides the SSH authentication to the host you want to access. For Cisco devices (PIX, routers, etc), you need to provide an additional parameter for the enable password. The same thing applies if you want to add support for “su”, it must be the additional parameter.

1. Log into AlienVault USM.
2. Navigate to environment -> detection -> hids -> agentless
3. Click on 'New' and add new HIDS in agentless

Image may be NSFW.
Clik here to view.

You will notice Agentless is not running in red text.

Agentless daemon is running after adding device

4. Go to HIDS control center to enable agentless process if not started

Image may be NSFW.
Clik here to view.

5. If web interface did not work then you have to check in console and log

Here is log for agentless

grep agentless /var/ossec/logs/ossec.log

2016/06/29 15:08:01 ossec-agentlessd: INFO: Not configured. Exiting.

Let work with terminal

Getting started with agentless

6. You need to enable the agentless monitoring:

# /var/ossec/bin/ossec-control enable agentless

7. Listing agentless host in the system. It should list which we just added as below

/var/ossec/agentless/register_host.sh list

Image may be NSFW.
Clik here to view.

8. Update the configuration files by adding <agentless> to  </ossec_config>

vi var/ossec/etc/ossec.conf

   <agentless>
      <type>ssh_pixconfig_diff</type>
      <frequency>36000</frequency>
      <host>host@192.168.100.xxx</host>
      <state>periodic_diff</state>
    </agentless>

9. Check ossec status by

/var/ossec/bin/ossec-control status

Image may be NSFW.
Clik here to view.

10. Restart the ossec by below command and check again the status.

/var/ossec/bin/ossec-control restart

Image may be NSFW.
Clik here to view.

Here it is active

Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Access log moves to sensor / data source then I mapping to event id with considering the rules in ossim.

Data sources can be found in “ossim ->configuration –> threat_intelligence –> data_source” and search for source as below. Pick “AlienVault HIDS-accesslog” and it reads the access log.

Image may be NSFW.
Clik here to view.

Browser the data source from the UI.

Image may be NSFW.
Clik here to view. 

Events are map to OSSEC event in here.

# /var/ossec/rules/web_rules.xml

Event range 31100–31199 is web access log rules

Each application contains it's own log record format.
eg:

web.madhuka.lk 123.231.120.128 - - [27/Dec/2015:03:44:16 +0530] "POST /lksearch.php HTTP/1.1" 200 35765 "http://madhuka.lk/""Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"

Here we add new ossec decoder called “custom-apache-access-log”
# /var/ossec/etc/decoder.xml

<decoder name="custom-apache-access-log">
  <program_name>custom-apache-access-log</program_name>
</decoder>

Then test it

# /var/ossec/bin/ossec-logtest

Image may be NSFW.
Clik here to view.

It says

**Phase 2: Completed decoding.
       No decoder matched.

No matching found as we did not write match for our new custom log decoder still. Let write prematch for our decoder

<decoder name="custom-apache-access-log">
    <prematch>^web.madhuka.lk </prematch>
</decoder>

Then run again then it will hit our custom decoder as below

Image may be NSFW.
Clik here to view.

Adding new child decoder

<decoder name="custom1-apache-access-log">
  <parent>custom-apache-access-log</parent>
  <prematch offset="after_parent"> "POST \S+ \S+"</prematch>
  <regex offset="after_parent">^(\S+) - - [(\S+) (\S+)] "POST (\S+) (\S+)" (\d+) (\d+) "(\S+)""(\S+)"$</regex>
  <order>srcip, extra_data, extra_data, url, srcuser, status, extra_data, extra_data, extra_data</order>
</decoder>

Testing with

web.madhuka.lk 123.231.120.128 - - [27/Dec/2015:03:44:16 +0530] "POST /lksearch.php HTTP/1.1" 200 35765 "http://madhuka.lk/""Mozilla/5.0"

Image may be NSFW.
Clik here to view.

Count line when words has been matched

$ grep -c 'word' /path/to/file

Pass the -n option to precede each line of output with the number of the line in the text file
$ grep -n 'root' /etc/passwd

Ignore word case
$ grep -i 'word' /path/to/file

Use grep recursively under each directory

$ grep -r 'word' /path/to/file

Use grep to search 2 different words

$ egrep -w 'word1|word2' /path/to/file

Grep invert match

$ grep -v 'word' /path/to/file

you can force grep to display output in colors, enter:
$ grep --color 'word' /path/to/file

You can limiting the results count
$ grep -m 10 'word' /path/to/file

You can match regular expression in files (Syntax: grep "REGEX" filename)
$ grep 'word1.*word2' /path/to/file

? The preceding item is optional and matched at most once.
* The preceding item will be matched zero or more times.
+ The preceding item will be matched one or more times.
{n} The preceding item is matched exactly n times.
{n,} The preceding item is matched n or more times.
{,m} The preceding item is matched at most m times.
{n,m} The preceding item is matched at least n times, but not more than m times.

Display N lines around match

Grep can display N lines after match (Syntax: grep -A <N> "string" filename)
$ grep -A 2 'word' /path/to/file

The following example prints the matched line, along with the two lines after it.
$ grep -A 2 -i 'word' /path/to/file

-C is the option which prints the specified N lines before the match.
$ grep -C 2 'word' /path/to/file

The Linux kernel in Ubuntu provides a packet filtering system called netfilter, and the traditional interface for manipulating netfilter are the iptables suite of commands. The Uncomplicated Firewall (ufw) is a frontend for iptables and is particularly well-suited for host-based firewalls.

Allowing port from any
$ sudo ufw allow 122/tcp

Listing the app and app infor
$ sudo ufw app list
$ ufw app info Squid

UFW status
$sudo ufw status verbose

Aollowing the port in the IP
$ sudo ufw allow from 192.168.3.231 to any port 443

Unfortunately Windows does not support Fdisk anymore. But there is another good command line tool to solve this problem. DiskPart in windows is useful format unallocated spaces in USB pen.

1. Enter ‘diskpart’ in cmd

Then disk part will start

2. List down storage in PC by

list disk

3. Select the disk to fix by (my case it is disk 1)

select disk 1

4. clean all volumes and partitions on the disk

clean

5. Create a primary partition

create partition primary

Image may be NSFW.
Clik here to view.

A brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search.

Install pre requests
apt-get install python-ipy python-nmap python-paramiko

Getting osueta repo clone
git clone https://github.com/c0r3dump3d/osueta.git

Create username file
Create txt file with sample of user names in osueta directory (vi username.txt)

Generate brute force attack
Now send sample brute force attack from 'osueta'
./osueta.py -H 192.168.1.4 -p 22 -d 15 -v dos no -L username.txt

Image may be NSFW.
Clik here to view.

Introductions

In OSSEC, the rules are classified in multiple levels from the lowest (00) to the maximum level 16. But some levels are not used right now and below explain level details.
00 - Ignored
01 – None
05 – Error is generated by user
06 - Low relevance attack
08 - First time seen
12 - High important event
15 - Severe attack ( There is no chances of false positives)

Rules group are used specify groups for specific rules. It’s used for active response reasons and for correlation.

Checking Rules

You can find the OSSEC rule list ‘var/ossec/rules’. All this xml files in this directory contains the rules.

In rule xml file we have name group (‘group name’) at parent level of the xml <group name="web,accesslog,">. In there you can define the rules as below

As example I need to get all 400

<rule id="31101" level="5">
  <if_sid>31100</if_sid>
  <id>^4</id>
  <description>Web server 400 error code.</description>
</rule>

Then you need to skip resources file which end with .jpg, .css and .js

<rule id="31102" level="0">
  <if_sid>31101</if_sid>
  <url>.jpg$|.css$|.js$</url>
  <compiled_rule>is_simple_http_request</compiled_rule>
  <description>Ignored extensions on 400 error codes.</description>
</rule>

‘is_simple_http_request’ [1] is function which already inbuilt in OSSEC, if you building ossec from source you can customizing the this functions or added new function that will improve your rules.

Testing the Rules

Initial Test Case

To test above rules you can add custom log record as below

In here we need to get current time by the terminal with below format.
23/Aug/2016:10:09:28 +0530

• Setup sample apache log as below

now=$(date +"%d/%b/%Y:%T %z")
echo "192.168.100.78 - - [$now] \"GET /ossim/services HTTP/1.1\"  200 2295 \”-\” \"Mozilla Firefox/47.0\""

Log record adding to log file

httpStatus=400

logRecord="192.168.100.78 - - [$(date +"%d/%b/%Y:%T %z")] \"GET /ossim/services HTTP/1.1\"  $httpStatus 2295 \”-\” \"Mozilla Firefox/47.0\""

• Then add it the log file for testing our use case with custom rules

echo '{string}'>> file.txt

Our apache log is in /var/log/apache2/access.log

logRecord="192.168.100.78 - - [$(date +"%d/%b/%Y:%T %z")] \"GET /ossim/services HTTP/1.1\"  $httpStatus 2295 \"Mozilla Firefox/47.0\""

echo '$logRecord'>> access.log

Or you can try this for testing

echo "192.168.100.78 - - [$(date +"%d/%b/%Y:%T %z")] \"GET /ossim/foo/ HTTP/1.1\" $httpStatus 3360 \"-\" \"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36\"">> access.log

Second use case

Customizing the rule id="31104" which is in ‘var/ossec/rules/web_rules.xml’ as below to testing

<rule id="31104" level="6">
  <if_sid>31100</if_sid>
  <url>foo</url>
  <description>Common web attack.</description>
  <group>attack</group>
</rule>

Then restart OSSEC server which is content to OSSIM or AlienVault.

Then send rule triggering log record as below

echo "192.168.100.78 - frank [$(date +"%d/%b/%Y:%T %z")] \"GET /ossim/go/foo HTTP/1.1\" $httpStatus 3360 \"-\" \"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36\"">> ../../log/apache2/access.log

Here is the trigger in OSSIM UI.

Image may be NSFW.
Clik here to view.

[1] https://github.com/Madhuka/ossec-hids/blob/master/src/analysisd/compiled_rules/generic_samples.c#L106

In here I am using well known decoder in OSSEC if you need new OSSEC decoder you can write new decoder also [1]. Add new file to  rules directory in OSSEC.

Creating new OSSEC rule set

$ vi var/ossec/rules/custom_access_rules.xml

In here I am interest to monitor web user behavior model. So I only need 200 http status code and I mark that rule with level 05 as it is important to this use case.Mark sure that rule id is unique. I am using ‘accesslog’ decoder as I am reading web access log in here. Here is content of my new ossec rule xml files.

<!--ustom access rules -->

<group name="web,accesslog,">
  <rule id="70000" level="0">
    <category>web-log</category>
    <description>Access log messages grouped.</description>
  </rule>

  <rule id="70001" level="5">
    <if_sid>70000</if_sid>
    <id>^2</id>
    <description>Web server 200 respond code.</description>
  </rule>

</group>

Restart the OSSEC

./bin/ossec-control restart

Testing the Rules that we just created with OSSEC log test

./bin/ossec-logtest

Add 200 http status log record

Here is my sample log record

123.231.120.128 - - [27/Dec/2015:03:44:16 +0530] "GET /lksearch.php HTTP/1.1" 200 35765 "http://madhuka.lk/""Mozilla/5.0"

Image may be NSFW.
Clik here to view.

Here it is trigger the event of rules that we created for web access log

Image may be NSFW.
Clik here to view.

Pre request

Test OSSEC new log from ‘ossec-logtest’

Here is the custom created rules. This rule is mainly looking on url with word with ‘payment’

<rule id="31181" level="6">
   <if_sid>31100</if_sid>
   <url>payment|paid|pay|pays|bar</url>
   <description>Customer payment attempt.</description>
   <group>attack,</group>
</rule>

1. Update the OSSIM plugins

OSSIM plugin need to update to map OSSEC rule to OSSIM agent plugin 

etc/ossim/agent/plugins/ossec-single-line.cfg

<rule id>=<data source id>

eg: 31181=7058

2. Check the rules is visible to ossim

Rules id will shows ‘environment –> detection –> hids –> Edit Rules’

Image may be NSFW.
Clik here to view.

3. Adding OSSIM Event

Add new event type as below by navigating on ‘configuration --> threat_intelligence --> data_source’

Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Re configure the OSSIM server

ossim-reconfig -c -v –d

Test OSSEC rule mapping to OSSIM

send the below request

httpStatus=400
alienvault:/var/ossec/rules# echo "192.168.100.251 - testuser [$(date +"%d/%b/%Y:%T %z")] \"GET /myapp/pays HTTP/1.1\" $httpStatus 3360 \"-\" \"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116

Here Alert comes

Image may be NSFW.
Clik here to view.

add rules id for

Image may be NSFW.
Clik here to view.

alienvault:/etc/ossim/agent/plugins# httpStatus=404

alienvault:/etc/ossim/agent/plugins# echo "192.168.100.251 - testuser [$(date +"%d/%b/%Y:%T %z")] \"GET /ossim/go/payment HTTP/1.1\" $httpStatus 3360 \"-\" \"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36\"">> ../../../../../var/log/apache2/access.log

ossim-reconfig -c -v -d

We need to have extra user data field on our security event. We need to know

• event occurred time
• Host Server IP

Editing particular event on ‘/etc/ossim/agent/plugins/ossec-single-line.cfg’. We can achieve it. We are interest on Web group and ID 0030. We added below line as our need.

After Editing it will be as below

[0030 - Web - group - 31xxx]
event_type=event
#precheck="web"
regexp="^AV\s-\sAlert\s-\s\"(?P<date>\d+)\"\s-->\sRID:\s\"(?P<rule_id>31\d\d\d)\";\sRL:\s\"(?P<rule_level>\d+)\";\sRG:\s\"(?P<rule_group>web[^\"]*)\";\sRC:\s\"(?P<rule_comment>[^\"]+)\";\sUSER:\s\"(?P<username>\S+)\";\sSRCIP:\s\"(?P<srcip>[^\"]*)\";\sHOSTNAME:\s\"(?P<agent_name>\([^\)]*\)\s+)?(?:\S+@)?(?P<hostname>(?(agent_name)(?:\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})|(?:\S+)))(?:->\S+)?;\sLOCATION:\s\"(?P<location>[^\"]*)\";\sEVENT:\s\"\[INIT\](?P<request>.*)\[END\]\";"
date={normalize_date($date)}
plugin_id={translate($rule_id)}
plugin_sid={$rule_id}
device={resolv($hostname)}
src_ip={resolv($srcip)}
dst_ip={resolv($hostname)}
username={$username}
userdata1={$rule_comment}
userdata2={$request}
userdata3={normalize_date($date)}
userdata4={resolv($hostname)}

Then Trigger this with 404 web request. Here we see those custom user data field as below.

Image may be NSFW.
Clik here to view.

This user data field can improve you OSSIM directives and Rules.

If you’re familiar with SEIM tools or OSSEC, then you know syscheck. Syscheck is the integrity checking daemon within OSSEC. It’s purpose is simple, identify and report on changes within the system files.  Once the baseline is set, syscheck is able to perform change detection by comparing all the checksums on each scan. If it’s not a 1 for 1 match, it reports it as a change. If new files are added, it identifies it as new, and reports it. Syscheck options are available in the server, local and agent installation.

In /var/ossec/etc/ossec.conf we can find the Syscheck config. The frequency option is in seconds and is defaulted to 22 hours (or 79,200 seconds). You have added below for new file adding.

<alert_new_files>yes</alert_new_files>

Syscheck in OSSEC is also leveraged the inotify system calls as its detection engine.

You can ignore files in directory using below rules, with rules level 0 or using 'ignore' tag

<rule id="100000" level="0">

or

<ignore>foo/test/</ignore>

Option attributes

• realtime
• check_all
• check_sum
• frequency
• scan_day
• auto_ignore
• refilter_cmd
  - This option can potentially impact performance negatively

By default when a file has changed three times, new changes will be automatically ignored. Handy but it could be improved. When I’m deploying security tools and control, my goal is to reduce the “noise” as much as possible. A side effect of file integrity monitoring is the number of false positive alerts generated.

[1] https://blog.rootshell.be/2013/05/13/improving-file-integrity-monitoring-with-ossec/

Working on an Alienvault IDS system or OSSIM you can come across over huge amount of alarms are created will system migrations.

use the ossim-db command:
>  ossim-db

use the alienvault database:
> USE alienvault

Check for Alarm tables

>SHOW TABLES LIKE 'alarm%';

Get table description

>DESCRIBE  alarm;

Image may be NSFW.
Clik here to view.

Get the number of records in a table 'alarm'.

>SELECT COUNT(*) FROM alarm;

Image may be NSFW.
Clik here to view.

Listing 20 timestamp in alarm table which are created today

>SELECT timestamp FROM alarm WHERE DATE(timestamp) = CURDATE() limit 20;

Let make status for Close for today alarms

>update alarm set status = 'closed' WHERE DATE(timestamp) = CURDATE();

Image may be NSFW.
Clik here to view.

Before                 -------- ----->                       Now

Image may be NSFW.
Clik here to view.

There is few thing that make my work enjoyable with WSO2 ESB as it provides support for JavaScript Object Notation (JSON) payloads in messages. It is not very new feature and it old feature.

It supports

• JSON message building
• Converting a payload between XML and JSON
• Accessing content on JSON payloads
• Logging JSON payloads
• Constructing and transforming JSON payloads
• Troubleshooting, debugging, and logging

But I will explain some basic feature on this and it is worth to know. It makes your task easy all the time. It is accessing content on JSON payloads

• Listing
• Sorting
• Searching
• Picking
• Comparing

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="testadmin2"
       startOnLoad="true"
       statistics="disable"
       trace="disable"
       transports="http,https">
   <target>
      <inSequence>
         <payloadFactory media-type="json">
            <format>
            { "store": {
    "book": [
      { "category": "reference",
        "author": "Nigel Rees",
        "title": "Sayings of the Century",
        "price": 8.95
      },
      { "category": "fiction",
        "author": "Evelyn Waugh",
        "title": "Sword of Honour",
        "price": 12.99
      },
      { "category": "fiction",
        "author": "Herman Melville",
        "title": "Moby Dick",
        "isbn": "0-553-21311-3",
        "price": 8.99
      },
      { "category": "fiction",
        "author": "J. R. R. Tolkien",
        "title": "The Lord of the Rings",
        "isbn": "0-395-19395-8",
        "price": 22.99
      }
    ],
    "bicycle": {
      "color": "red",
      "price": 19.95
    }
  }
}
            </format>
            <args>
               <arg evaluator="xml" expression="//store/name"/>
               <arg evaluator="xml" expression="//store/price"/>
               <arg evaluator="json" expression="store.toppings.topping"/>
            </args>
         </payloadFactory>
         <property name="messageType" scope="axis2" value="application/json"/>
         <log>
            <property expression="json-eval($.store.book[*].author)" name="JSON-book"/>

            <property expression="json-eval($.store)" name="JSON-Paydsfadx"/>

            <property expression="json-eval($..author)" name="All-author"/>

            <property expression="json-eval($.store..price)" name="prices"/>

            <property expression="json-eval($..book[2])" name="Second-Book"/>

            <property expression="json-eval($..book[:2])" name="First-Two-Books"/>

            <property expression="json-eval($..book[?(@.isbn)])" name="ISBN-Sort"/>

            <property expression="json-eval($..book[?(@.author=='Evelyn Waugh')].author)"
                      name="Search-Author"/>

          <property expression="json-eval($..book[?(@.price>12)])"
                      name="Book-price"/>

         </log>
         <send>
            <endpoint>
               <http method="POST" uri-template="http://127.0.0.1:8020/2"/>
            </endpoint>
         </send>
      </inSequence>
      <outSequence>
         <send/>
      </outSequence>
   </target>
   <description/>
</proxy>
     

Image may be NSFW.
Clik here to view.

Data integration is the combination of technical and business processes used to combine data from disparate sources into meaningful and valuable information. Today some systems may store data in a denormalized form and data integration tools able handle those. In this blog post Talend will be used to show case handling simple denormalized data set file.

For example, system stores state data with the following schema: [filed1];[[filed2.1],[filed2.2]] Schema is mapping [StateID];[[StateName],[PostCode]]. Here is the sample file ‘states.csv’.

StateID;StateName,PostCode
1;Alabama,009234
2;Alaska,009235
3;Arizona,009236
4;Arkansas,009237
5;California,009244
6;Colorado,009245
7;Connecticut,009214
8;Delaware,009278
9;Florida,0092897
10;Georgia,009247

Start Development in Talend Studio

1. Drop the following components from the Palette onto the design workspace: tFileInputFullRow, tExtractDelimitedFields, and tLogRow.
2. Connect them using the Row Main links.

Image may be NSFW.
Clik here to view.

Configuring the components

1. Double-click the tExtractDelimitedFields component to open its Basic settings view. Add the file path and Skip the header line.

Image may be NSFW.
Clik here to view.

Update the schema as below

Image may be NSFW.
Clik here to view.

2. Double-click the tFileInputFullRow component to open its Basic settings view. Edit the schema

Image may be NSFW.
Clik here to view.

3.  Double-click the tLogRow component to open its Basic settings view. Edit the schema

Image may be NSFW.
Clik here to view.

Running

1. Save it and press ‘F6’

Image may be NSFW.
Clik here to view.

Post is very basic one, Since Talend is all about data integration. Finding a BigDecimal [1] in such data set is very common.

BigDecimal VS Doubles

A BigDecimal is an exact way of representing numbers. A Double has a certain precision. Working with doubles of various magnitudes (say d1=1000.0 and d2=0.001) could result in the 0.001 being dropped all together when summing as the difference in magnitude is so large. With BigDecimal this would not happen.

The disadvantage of BigDecimal is that it's slower, and it's a bit more difficult to program algorithms that way (due to + - * and / not being overloaded).

If you are dealing with money, or precision is a must, use BigDecimal. Otherwise Doubles tend to be good enough.

Big Decimal Sample

First we go with Big Decimal value such as ‘1.8772265500517E19’. It means 1.8772265500517 x 10¹⁹ . We need to pass it without scientific notation. You can used ‘tJava’ comment in Talend and used simple java to achieve this.

BigDecimal bigDecimal = new BigDecimal("1.8772265500517E19");
System.out.println(bigDecimal.toPlainString());

If you think you need to specific decimal point count also. Then you can used below line

System.out.printf("%1$.2f", bigDecimal);

2 is the number of decimal places you want. You can change as you need.

Image may be NSFW.
Clik here to view.

Here is the output

Image may be NSFW.
Clik here to view.

DoublesSample

There are few ways to achieve this such as 'Talend Routines' or 'tJava', etc. But here we used tJava component. Add below lines to the ‘Basic setting panel tab’

double sampleDouble =  1.8772265500528E9;
System.out.println(sampleDouble);
NumberFormat formatter = new DecimalFormat("###.####");
String sampleDoubleString = formatter.format(sampleDouble); 
System.out.println(sampleDoubleString);

Then add below imports in to the ‘Advance Setting tab’

import java.text.NumberFormat;
import java.text.DecimalFormat;

Image may be NSFW.
Clik here to view.

Here is the out put of the job

Image may be NSFW.
Clik here to view.

Make sure you usedBigDecimal and Doubles in correct way in correct places.

[1] https://docs.oracle.com/javase/7/docs/api/java/math/BigDecimal.html

Enterprise Data Integration is a broad term used in the integration landscape to connect multiple Enterprise  applications and hardware systems within an organization. All these enterprise data integration lead to achieve to remove the complexity by simplifying data management as a whole.

Unified Data Management Architecture

Unified Data Management Architecture offers reliability and performance of a data warehouse, real-time and low-latency characteristics of a streaming system, and scale and cost-efficiency of a data lake. More importantly, UDM utilizes a single storage backend with benefits of multiple storage systems which avoids moving data across systems hence data duplication, and data consistency issues. Overall, less complexity to deal with.

Common In-Memory Data Interfaces
It is a new data integration pattern. It depends on a shared high-performance distributed storage or a common data format sitting between compute and storage. Alluxio and Apache Arrow are sample for respectively. Apache Arrow has support for 13 major big data frameworks including Calcite, Cassandra, Drill, Hadoop, HBase, Ibis, Impala, Kudu, Pandas, Parquet, Phoenix, Spark, and Storm.

Image may be NSFW.
Clik here to view.

Machine Learning with Data Integration
Machine learning and artificial intelligence (AI) tools are based smart data integration assistants. These assistants can recommend next-best-action or suggest datasets, transforms, and rules to a data engineer working on a data integration project.

Image may be NSFW.
Clik here to view.

Event-Driven Data Flow Architecture
More and more organizations are jumping to the event-driven architecture with the view that it can provide real-time and fast the existing systems. To achieve this, organizations are utilizing distributed messaging system such as Apache Kafka, Message brokers. On top, they are implementing concepts such events, topics, event producers, and event consumers. A key aspect of event-driven data flow architecture is support for microservices architecture, and, more specifically, database per service patterns.

Image may be NSFW.
Clik here to view.

[1] https://tdwi.org/articles/2010/05/06/introduction-to-unified-data-management.aspx

In this post give some basic on JAVA Stream API which is added in Java 8. It works very well in conjunction with lambda expressions. Pipeline of stream operations can manipulate data by performing operations like search, filter, count, sort, etc. A stream pipeline consists of a source such as an array, a collection, a generator function, an I/O channel. It may have zero or more intermediate operations for transform a stream.

Stream operations are divided into intermediate and terminal operations.

Intermediate operations return a new stream. They are always lazy; executing an intermediate operation does not actually perform any filtering, but instead creates a new stream that, when traversed, contains the elements of the initial stream that match the given predicate. Intermediate operations do not get executed until a terminal operation is invoked as there is a possibility they could be processed together when a terminal operation is executed.
eg: map, filter, flatmap, limit, sorted, distinct, peek

Terminal operations produces a non-stream, result such as primitive value, a collection or no value at all. Terminal operations are typically preceded by intermediate operations which return another Stream which allows operations to be connected in a form of a query.
eg: findAny, allMatch, count, max, min, etc.

Sample in can be found in here

Intermediate operations are further divided into stateless and stateful operations.

Stateless operations, such as filter and map, retain no state from previously seen element when processing a new element, each element can be processed independently of operations on other elements.

Stateful operations, such as distinct and sorted, may incorporate state from previously seen elements when processing new elements. Stateful operations may need to process the entire input before producing a result. For example, one cannot produce any results from sorting a stream until one has seen all elements of the stream.

Sample in can be found in here. You have be care full on this if you use in wrong order it may lead memory issue. As example if we sort() stream first then it will load all in to memory as shown in sample. (test_sorted_notShortCircuiting)

Image may be NSFW.
Clik here to view.

(limit_car_maker_test)

Image may be NSFW.
Clik here to view.

You can see all the elements are loaded in ‘test_sorted_notShortCircuiting’ though it have limit of 2.

Streams in serial or in parallel

You can execute streams in serial or in parallel. When a stream executes in parallel, the Java runtime partitions the stream into multiple sub-streams.

As example - Collection has methods Collection.stream() and Collection.parallelStream(), which produce sequential and parallel streams respectively.

When you do that, the stream is split into multiple chunks, with each chunk processed independently and with the result summarized at the end. In sample implementation of get sum of the longs method you can take advantage of parallelization and utilize all available CPU cores.

Optional

In the sample you will find new class Optional which was introduce with Java 8. It is used to represent a value is present or absent. The main advantage of this new construct is that No more too many null checks and NullPointerException. It avoids any runtime NullPointerExceptions and supports us in developing clean and neat Java APIs or Applications.

Image may be NSFW.
Clik here to view.Image may be NSFW.
Clik here to view.

When a value is present, the Optional class just wraps it. Conversely, the absence of a value is modeled with an “empty” optional returned by the method Optional.empty. It’s a static factory method that returns a special singleton instance of the Optional class. Dereference a null will invariably cause a NullPointer-Exception, whereas Optional.empty() is a valid, workable object.