Setting Up Enrichment Configurations
The `enrichment` topology is dedicated to taking data from the parsing topologies that has been normalized into the Metron data format (for example, a JSON Map structure with `original_message` and `timestamp`) and doing the following:
- Enriching messages with external data from data stores (for example, HBase) by adding new fields based on existing fields in the messages.
- Marking messages as threats based on data in external data stores.
- Marking threat alerts with a numeric triage level based on a set of Stellar rules.
The configuration for the `enrichment` topology, the topology primarily responsible for enrichment and threat intelligence enrichment, is defined by JSON documents stored in ZooKeeper.
There are two types of configurations: `global` and `sensor`-specific.