Hortonworks Docs » Hortonworks Cybersecurity Platform 1.5.1 » Hortonworks Cybersecurity Platform
Hortonworks Cybersecurity Platform
Also available as:
PDF
loading table of contents...

Configure Element-to-Enrichment Mapping

Configure which element of a tuple should be enriched with which enrichment type. This configuration is stored in Apache ZooKeeper.

  1. On the host with Metron installed, log in as root.
  2. Cut and paste the following syntax into a file called enrichment_config_temp.json, being sure to customize $ZOOKEEPER_HOST and $DATASOURCE to your specific values, where $DATASOURCE refers to the name of the data source you use to bulk load the enrichment: 
    {
     "zkQuorum" : "$ZOOKEEPER_HOST:2181"
    ,"sensorToFieldList" : {
          "$DATASOURCE" : {
             "type" : "ENRICHMENT"
            ,"fieldToEnrichmentTypes" : {
                 "domain_without_subdomains" : [ "whois" ]
              }
          }
    }
}
  3. Remove any non-ASCII invisible characters in the pasted syntax in Step 2: 
    iconv -c -f utf-8 -t ascii enrichment_config_temp.json -o enrichment_config.json
© 2012–2019, Hortonworks, Inc.
Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.
Hortonworks.com | Documentation | Support | Community