Run the Threat Intel Loader

After you define the threat intelligence source, threat intelligence extractor, and threat intelligence mapping configuration, you must run the loader to move the data from the threat intelligence source to the Metron threat intelligence store and to store the enrichment configuration in ZooKeeper.

1. Log in to $HOST_WITH_ENRICHMENT_TAG as root.
2. Run the loader:

   $METRON_HOME/bin/flatfile_loader.sh -n enrichment_config.json -i domainblocklist.csv -t threatintel -c t -e extractor_config.json

   This command adds the threat intelligence data into HBase and establishes a ZooKeeper mapping. The data is extracted using the extractor and configuration defined in the extractor_config.json file and populated into an HBase table called threatintel.
3. Verify that the logs are properly ingested to HBase:

   hbase shell
   scan 'threatintel'

   You should see a configuration for the sensor that looks something like the following:

   
   
   

4. Generate some data to populate the Metron dashboard.