Setting up the Metron Enrichment
You need to modify the enrichment.properties file to match your HCP
configuration.
To modify the enrichment properties file, complete the following steps:
Open the
METRON_HOME/config/enrichment.propertiesfile:vi METRON_HOME/config/enrichment.properties
Modify the following Kafka entries to reflect your configuration:
kafka.zk={{zookeeper_quorum}} kafka.broker={{kafka_brokers}} enrichment.output.topic=indexingAdd the following text above #### Threat Intel ####:
##### Host Enrichment ##### hbase.provider.impl=org.apache.metron.hbase.HTableProvider enrichment.simple.hbase.table=enrichment enrichment.simple.hbase.cf=t
Replace the Threat Intel text with the following:
threat.intel.tracker.table=access_tracker threat.intel.tracker.cf=t threat.intel.simple.hbase.table=threatintel threat.intel.simple.hbase.cf=t threat.intel.ip.table= threat.intel.ip.cf=