Hortonworks Docs
Hortonworks Cybersecurity Platform
Introduction to the HCP Runbook
Adding a New Telemetry Data Source
Prerequisites
Stream Data into HCP
OPTIONAL: Install the Squid Package
Install NiFi
Create a NiFi Flow to Stream Events to HCP
Parse the Squid Data Source to HCP
Parse the Squid Telemetry Event
Verify That the Events Are Indexed
Create an Index Template
Add New Data Source to the Metron Dashboard
Configure a New Data Source Index in the Metron Dashboard
Review the New Data Source Data
Transform the Squid Message
Enriching Telemetry Events
Bulk Loading Enrichment Information
OPTIONAL: Create a Mock Enrichment Source
Configure an Extractor Configuration File
Configure Element-to-Enrichment Mapping
Run the Enrichment Loader
Map Fields to HBase Enrichments
OPTIONAL: Global Configuration
Verify That the Events Are Enriched
Enriching Threat Intelligence Information
OPTIONAL: Create a Mock Threat Intel Feed Source
Configure an Extractor Configuration File
Using Stellar Data to Transform Threat Intelligence Data
Configure Element-to-Threat Intelligence Feed Mapping
Run the Threat Intelligence Loader
Map Fields to HBase Enrichments
Verify That the Threat Intel Events Are Enriched
Prioritizing Threat Intelligence
Prerequisites
Threat Triage Examples
Perform Threat Triage
View Triaged Alerts Using Kafka
View Triaged Alerts Using the Metron Dashboard
Configuring Indexing
Default Configuration
Specify Index Parameters
Turn off HDFS Writer
Setting Up a Profile
Install Profiler
Create a Profile
Profiler Configuration Settings
Start the Profiler
Develop Profiles
Testing
Triage Squid Events
Triage Squid Using the Typosquatting Algorithm
Improve Scoring with a Domain Whitelist
Testing
© 2012-2019, Hortonworks, Inc.
Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.