Sensor Enrichment Configuration
The sensor enrichment configuration defines the enrichments applied to a given sensor (for example, Snort). It covers two types of enrichments: individual sensor enrichments and threat intelligence enrichments. The configuration for both types of enrichments is a complex JSON object with the following top-level fields:
- index: The name of the sensor
- batchSize: The size of the batch that is written to the indices at once
- enrichment: A complex JSON object representing the configuration of the enrichments
- threatIntel: A complex JSON object representing the configuration of the threat intelligence enrichments
The remaining configuration differs for the two types of enrichments. See the following sections for information about both of these configuration types.