Understanding Enrichment

Sensor Enrichment Configuration

The sensor enrichment configuration provides enrichments for a given sensor (for example, Snort).

The sensor enrichment configuration includes two types of enrichments: individual sensor enrichments and threat intelligence enrichments. The configuration for both types of enrichments is a complex JSON object with the following top-level fields:

index

The name of the sensor

batchSize

The size of the batch that is written to the indices at once

enrichment

A complex JSON object representing the configuration of the enrichments

threatIntel

A complex JSON object representing the configuration of the threat intelligence enrichments

The remaining configuration differs for the two types of enrichments.
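
A pre-deployment check of the top-level shape described above can catch a mistyped field name or a wrongly typed value before the configuration is pushed. The following is an added example, not code from the product or its documentation. The function name, the rule that batchSize must be at least 1, and the reporting of fields outside the four listed here are assumptions made for illustration.

```python
import json

# Top-level fields and expected JSON types, taken from the field list above.
EXPECTED = {"index": str, "batchSize": int, "enrichment": dict, "threatIntel": dict}


def check_sensor_enrichment_config(text):
    """Return a list of findings for the top-level shape of a config document."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    findings = []
    for name, typ in EXPECTED.items():
        if name not in cfg:
            findings.append(f"missing field: {name}")
            continue
        value = cfg[name]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, typ):
            findings.append(
                f"{name}: expected {typ.__name__}, got {type(value).__name__}")
        elif name == "index" and not value.strip():
            findings.append("index: sensor name is empty")
        elif name == "batchSize" and value < 1:
            # Assumption: a batch of fewer than one message is a mistake.
            findings.append("batchSize: must be at least 1")
    # JSON keys are case-sensitive, so report near-misses such as "threatintel".
    known_lower = {k.lower(): k for k in EXPECTED}
    for key in cfg:
        if key not in EXPECTED:
            hint = known_lower.get(key.lower())
            suffix = f" (did you mean {hint}?)" if hint else ""
            findings.append(f"unexpected field: {key}{suffix}")
    return findings


# Constructed sample documents. The nested objects are left empty because
# this page does not describe their contents.
GOOD = '{"index": "snort", "batchSize": 5, "enrichment": {}, "threatIntel": {}}'
BAD = '{"index": "snort", "batchSize": "5", "enrichment": {}, "threatintel": {}}'

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_sensor_enrichment_config(doc) or "ok")
```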