LM Exchange Use Cases

monetizing the exchange

Palo Alto’s XSOAR (formally Demisto) has a similar exchange system with monetization. Once they added it, it was night and day the quality of modules. Vendors and users wrote so many good modules once they incentivized people to create them.

@Austin Culbertson  the original intent was just to facilitate sharing amongst the entire LM customer community.

I’m surprised you’re seeing modules in “Security Review” before they are marked “Public”. Security Review is a prerequisite for sharing (for obvious reasons), but isn’t required for the “private backup” use case.

We didn’t originally have private/public distinction in the LM Exchange because we originally had no way to view the “repository” of the Exchange. This meant that the public or privateness of a locator was dependent upon how the user who created it decided to share it.

I would love to enable “Google drive like” sharing where you can select specific accounts to share between, but I don’t see that coming this year.

The marketplace concept has certainly crossed our minds but so far is not in plan. @Joe Williams that’s a rather interesting anecdote, I’ll have to take a closer look at what they’re doing with XSOAR, thanks.

@Stuart Weenig there was a backend issue that caused issues with the Use Status indexing. To avoid giving you incorrect data, we replaced it with effectively no data until it is resolved in the next release.

@Stuart Weenig yes, that was just the first next place to notate it.

LM probably shouldn’t require security review until you mark it as public. However, since the security review workflow really doesn’t work on anyone’s timelines, they should at least not required it unless it’s going public. That would allow you to move them back and forth between portals.

Alternatively, allowing the author to specify which portals the module is made available to would be an easy to begin monetizing the exchange. Said monetization would reveal all source code in the module though, so there’s no security around it.

Suffice it to say, right now, the main goal of the exchange is just to work. Said work only involves LM getting their modules and module updates out to their customers. Once that (multi-year old) problem is solved, perhaps they can work on actual community exchanges, paid or otherwise.

Yeah, it’s gotta be a stable platform first. I mean the diff in the exchange when pulling in an update is still the raw json.

Is anybody else’s “Use Status” column showing “N/A” for everything?

@Stuart Weenig there was a backend issue that caused issues with the Use Status indexing. To avoid giving you incorrect data, we replaced it with effectively no data until it is resolved in the next release.

Thanks. First mention of it i see is in v199, which we’re not on yet. I assume that was just the first release notes where that issue could be notated?