Configure Mapping for the Intelligence Feed
Configure the mapping for the element-to-threat intelligence feed.
This step configures which element of a tuple to cross-reference with which threat intelligence feed. This configuration is stored in ZooKeeper.
Log in as the root user to the host on which Metron is installed.
Copy and paste the following content into a file called enrichment_config_temp.json:
{
  "zkQuorum" : "$ZOOKEEPER_HOST:2181",
  "sensorToFieldList" : {
    "$DATASOURCE" : {
      "type" : "THREAT_INTEL",
      "fieldToEnrichmentTypes" : {
        "domain_without_subdomains" : [ "zeusList" ]
      }
    }
  }
}
Remove the non-ASCII characters:
iconv -c -f utf-8 -t ascii enrichment_config_temp.json -o enrichment_config.json
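A check worth running on enrichment_config.json before it is loaded, shown here as an added example that is not part of the Metron documentation or code base. iconv -c drops characters it cannot convert, so curly quotes picked up during copy and paste vanish and leave invalid JSON. The function names, the sample host "node1" and the sensor "squid" are assumptions; the keys checked are the ones shown in the template above.

```python
import json

# Constructed sample: the page's template with made-up values filled in.
GOOD = """{ "zkQuorum" : "node1:2181", "sensorToFieldList" : { "squid" : {
  "type" : "THREAT_INTEL", "fieldToEnrichmentTypes" : {
    "domain_without_subdomains" : [ "zeusList" ] } } } }"""
# Constructed failure case: an editor replaced the straight quotes with curly ones.
CURLY = GOOD.replace('"', "\u201c")

def strip_non_ascii(text):
    """Mimic `iconv -c -f utf-8 -t ascii`: silently drop non-ASCII characters."""
    return text.encode("ascii", "ignore").decode("ascii")

def check_config(text):
    """Return a list of problems; an empty list means the file is ready to load."""
    if not text.isascii():
        return ["non-ASCII characters present"]
    try:
        cfg = json.loads(text)
    except ValueError as exc:
        return ["not valid JSON: %s" % exc]
    if not isinstance(cfg, dict):
        return ["top level is not a JSON object"]
    problems = []
    if "$" in str(cfg.get("zkQuorum", "$")):
        problems.append("zkQuorum is missing or still a placeholder")
    sensors = cfg.get("sensorToFieldList")
    if not isinstance(sensors, dict) or not sensors:
        return problems + ["sensorToFieldList is missing or empty"]
    for name, entry in sensors.items():
        if name.startswith("$"):
            problems.append("sensor name %s is still a placeholder" % name)
        # Assumption: only the THREAT_INTEL shape shown on the page is accepted.
        if not isinstance(entry, dict) or entry.get("type") != "THREAT_INTEL":
            problems.append("%s: type is not THREAT_INTEL" % name)
            continue
        fields = entry.get("fieldToEnrichmentTypes")
        if not isinstance(fields, dict) or not fields:
            problems.append("%s: fieldToEnrichmentTypes is missing or empty" % name)
            continue
        for field, feeds in fields.items():
            ok = isinstance(feeds, list) and feeds and all(
                isinstance(f, str) and f for f in feeds)
            if not ok:
                problems.append("%s.%s: expected a list of feed names" % (name, field))
    return problems

if __name__ == "__main__":
    for label, text in [("good", GOOD), ("curly, stripped", strip_non_ascii(CURLY))]:
        print(label, "->", check_config(text) or "OK")
```

If the stripped file fails the JSON check, retype the quotes in enrichment_config_temp.json as plain ASCII double quotes and run iconv again.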