You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@metron.apache.org by "Casey Stella (JIRA)" <ji...@apache.org> on 2016/04/01 16:36:25 UTC

[jira] [Created] (METRON-93) Generalize the HBase threat intel infrastructure to support enrichments

Casey Stella created METRON-93:
----------------------------------

             Summary: Generalize the HBase threat intel infrastructure to support enrichments
                 Key: METRON-93
                 URL: https://issues.apache.org/jira/browse/METRON-93
             Project: Metron
          Issue Type: Improvement
            Reporter: Casey Stella
            Assignee: Casey Stella


As it stands, the threat intel infrastructure is awkward.  Namely, different threat intelligence sources must be pushed into separate hbase tables (malicious_ips separate form malicious_hosts, for instance).  We'd rather have one table where the type is brought into the rowkey.  Since this infrastructure is generalized, also add a simple hbase enrichment adapter.

Furthermore, the configuration for a new enrichment should be added to zookeeper as part of the data load.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)