Configure TAXII Extractor Configuration File
After you fetch the latest Hail a TAXII feeds to the TAXII server, you must create an extractor configuration file to bulk load the threat intelligence enrichment store into HBase.
sudo -s $METRON_HOME
Create threatintel_extractor_config_temp.json at $METRON_HOME/config and populate it with the threat intelligence source schema:
{
  "config" : {
    "columns" : {
      "ip" : 0
    },
    "indicator_column" : "ip",
    "type" : "malicious_ip",
    "separator" : ","
  },
  "extractor" : "STIX"
}
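Remove any non-ASCII characters from the file and write the result to threatintel_extractor_config.json:
iconv -c -f utf-8 -t ascii threatintel_extractor_config_temp.json -o threatintel_extractor_config.json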
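Because iconv -c drops characters without reporting them, it helps to see what was removed and to confirm the cleaned file still parses before loading it. The following check is an added example, not part of Metron or of the original page; the function names, the sample input and the consistency rules (derived only from the schema shown above) are assumptions.

```python
import json
import unicodedata

# Constructed sample: the page's schema with a zero-width space and a
# no-break space pasted in, as can happen when copying from a web page.
SAMPLE = ('{\u200b "config" : { "columns" : { "ip" : 0 }\n'
          ' ,"indicator_column" : "ip" ,"type" : "malicious_ip"\n'
          ' ,"separator" : "," }\u00a0,"extractor" : "STIX" }').encode("utf-8")


def find_non_ascii(raw: bytes):
    """List (line, column, Unicode name) of each character iconv -c would drop."""
    hits = []
    for lineno, line in enumerate(raw.decode("utf-8").splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ord(ch) > 127:
                hits.append((lineno, col, unicodedata.name(ch, "UNKNOWN")))
    return hits


def to_ascii(raw: bytes) -> bytes:
    """Approximate the iconv step in Python: drop anything outside ASCII."""
    return raw.decode("utf-8").encode("ascii", errors="ignore")


def check_extractor_config(raw: bytes):
    """Return a list of problems; an empty list means the file looks loadable."""
    problems = []
    if any(b > 127 for b in raw):
        problems.append("file still contains non-ASCII bytes")
    try:
        doc = json.loads(raw.decode("ascii", errors="replace"))
    except json.JSONDecodeError as exc:
        return problems + [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(doc, dict) or not isinstance(doc.get("config"), dict):
        return problems + ['"config" object is missing']
    cfg = doc["config"]
    columns = cfg.get("columns")
    if not doc.get("extractor"):
        problems.append('missing "extractor"')
    # Assumed rule: the indicator column must be one of the declared columns.
    if not isinstance(columns, dict) or cfg.get("indicator_column") not in columns:
        problems.append('"indicator_column" does not name a key in "columns"')
    return problems


if __name__ == "__main__":
    print(find_non_ascii(SAMPLE))
    print(check_extractor_config(to_ascii(SAMPLE)) or "config OK")
```

Run find_non_ascii on the _temp file before the iconv step: a hit inside a quoted value means the conversion will change that value, not just remove stray whitespace.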