Posted to issues@metron.apache.org by "Casey Stella (JIRA)" <ji...@apache.org> on 2016/02/13 07:43:18 UTC

[jira] [Created] (METRON-35) Implement threat intelligence message enrichment

Casey Stella created METRON-35:
----------------------------------

             Summary: Implement threat intelligence message enrichment
                 Key: METRON-35
                 URL: https://issues.apache.org/jira/browse/METRON-35
             Project: Metron
          Issue Type: New Feature
            Reporter: Casey Stella
            Assignee: Casey Stella


Create the infrastructure to:
* Bulk ingest threat intelligence feeds from CSV and Stix data sources into HBase
* Enrich messages that have fields matching the threat intelligence data in HBase
* Create the infrastructure to remove unused threat intelligence data
* Augment the Packet capture topology to incorporate a malicious IP threat intel tagger

The tagging infrastructure must meet the following criteria:
* They are downstream of the enrichments
* The threat intelligence bolts execute in parallel with a similar architecture as the enrichments (i.e. split and join).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)