OPTIONAL: Create a Mock Enrichment Source
For our runbook demonstration, we create a mock enrichment source. In your production environment you will want to use a genuine enrichment source.
To create a mock enrichment source, complete the following steps:
As root user, log into $HOST_WITH_ENRICHMENT_TAG.
sudo -s $HOST_WITH_ENRICHMENT_TAG
Copy and paste the following data into a file called
whois_ref.csv
in$METRON_HOME/config
. This CSV file represents our enrichment source.google.com, "Google Inc.", "US", "Dns Admin",874306800000 work.net, "", "US", "PERFECT PRIVACY, LLC",788706000000 capitalone.com, "Capital One Services, Inc.", "US", "Domain Manager",795081600000 cisco.com, "Cisco Technology Inc.", "US", "Info Sec",547988400000 cnn.com, "Turner Broadcasting System, Inc.", "US", "Domain Name Manager",748695600000 news.com, "CBS Interactive Inc.", "US", "Domain Admin",833353200000 nba.com, "NBA Media Ventures, LLC", "US", "C/O Domain Administrator",786027600000 espn.com, "ESPN, Inc.", "US", "ESPN, Inc.",781268400000 pravda.com, "Internet Invest, Ltd. dba Imena.ua", "UA", "Whois privacy protection service",806583600000 hortonworks.com, "Hortonworks, Inc.", "US", "Domain Administrator",1303427404000 microsoft.com, "Microsoft Corporation", "US", "Domain Administrator",673156800000 yahoo.com, "Yahoo! Inc.", "US", "Domain Administrator",790416000000 rackspace.com, "Rackspace US, Inc.", "US", "Domain Admin",903092400000 1and1.co.uk, "1 & 1 Internet Ltd","UK", "Domain Admin",943315200000
Make sure you don't have an empty newline character as the last line of the CSV file, as that will result in a null pointer exception.