Sensor Enrichment Configuration
The sensor enrichment configuration provides enrichments for a given sensor (for example, Snort).
The sensor enrichment configuration includes two types of enrichments: individual sensor enrichments and threat intelligence enrichments. The configuration for both types of enrichments is a complex JSON object with the following top-level fields:
- index
-
The name of the sensor
- batchSize
-
The size of the batch that is written to the indices at once
- enrichment
-
A complex JSON object representing the configuration of the enrichments
- threatIntel
-
A complex JSON object representing the configuration of the threat intelligence enrichments
The remaining configuration differs for the two types of enrichments.