You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@metron.apache.org by "Casey Stella (JIRA)" <ji...@apache.org> on 2016/04/01 16:36:25 UTC
[jira] [Created] (METRON-93) Generalize the HBase threat intel
infrastructure to support enrichments
Casey Stella created METRON-93:
----------------------------------
Summary: Generalize the HBase threat intel infrastructure to support enrichments
Key: METRON-93
URL: https://issues.apache.org/jira/browse/METRON-93
Project: Metron
Issue Type: Improvement
Reporter: Casey Stella
Assignee: Casey Stella
As it stands, the threat intel infrastructure is awkward. Namely, different threat intelligence sources must be pushed into separate hbase tables (malicious_ips separate form malicious_hosts, for instance). We'd rather have one table where the type is brought into the rowkey. Since this infrastructure is generalized, also add a simple hbase enrichment adapter.
Furthermore, the configuration for a new enrichment should be added to zookeeper as part of the data load.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)