Configure Mapping for the Intelligence Feed
After you configure an extractor configuration file, you must configure which element of a tuple to cross-reference with which threat intelligence feed. This configuration is stored in ZooKeeper.
Hortonworks Cybersecurity Platform
Also available as:
- HCP Information Roadmap
- HCP Architecture
- HCP Terminology
- Adding a New Telemetry Data Source
- Telemetry Data Source Parsers Bundled with HCP
- Prerequisites to Adding a New Telemetry Data Source
- Streaming Data into HCP Overview
- Stream Data Using NiFi
- Understanding Parsing a New Data Source to HCP
- Create a Parser for Your New Data Source by Using the Management Module
- Transform Your New Data Source Parser Information by Using the Management Module
- Tune Parser Storm Parameters by Using the Management Module
- Create a Parser for Your New Data Source by Using the CLI
- Verify That Events Are Indexed
- Enriching Telemetry Events
- Setting Up Enrichment Configurations
- Bulk Loading Sources
- Configure an Extractor Configuration File
- Configure Element-to-Enrichment Mapping
- Run the Enrichment Loader
- Map Fields to HBase Enrichments Using the Management Module
- Map Fields to HBase Enrichments Using CLI
- Stream Enrichment Information
- Understanding Global Configuration
- Create Global Configurations
- Configuring Indexing
- Configuring Threat Intelligence
- Bulk Loading Threat Intelligence Sources
- Configure an Extractor Configuration File
- Configure Mapping for the Intelligence Feed
- Run the Threat Intel Loader
- Map Fields to HBase Threat Intel by Using the Management Module
- Map Fields to HBase Threat Intel by Using the CLI
- Create a Streaming Threat Intel Feed Source
- Prioritizing Threat Intelligence
- Syncing With the Metron Dashboard
- Setting up pcap to View Your Raw Data
- Troubleshooting Parsers
- Monitor and Manage
- Concepts