Hortonworks Docs » Hortonworks Cybersecurity Platform 1.8.0 » Runbook Enriching with Threat Intelligence Information
Runbook Enriching with Threat Intelligence Information
Also available as:
PDF

Verify That the Threat Intel Events Are Enriched

By convention, the index where the new messages are indexed is called squid_index_[timestamp] and the document type is squid_doc.

After you finish enriching your new data source, you should verify that the output matches your enrichment information.

From the Alerts UI, search the source:type filter for squid messages.
© 2012–2019, Hortonworks, Inc.
Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.
Hortonworks.com | Documentation | Support | Community