GitHub user cestella opened a pull request:
https://github.com/apache/incubator-metron/pull/66
METRON-93: Generalize the HBase threat intel infrastructure to support
enrichments
As it stands, the threat intel infrastructure is awkward. Namely, different
threat intelligence sources must be pushed into separate hbase tables
(malicious_ips separate from malicious_hosts, for instance). We'd rather have
one table where the type is brought into the rowkey. Since this infrastructure
is generalized, also add a simple hbase enrichment adapter.
Furthermore, the configuration for a new enrichment should be added to
zookeeper as part of the data load.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/cestella/incubator-metron MET-129
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-metron/pull/66.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #66
----
commit 3e55257e092c0c5651d7b3b8c69d0d7ccd568fc7
Author: cstella <[email protected]>
Date: 2016-03-21T18:50:38Z
Refactoring extractor framework to not use ThreatIntel anymore
commit 225ab51498c9bb978246a0ce1449d0dc97bbed97
Author: cstella <[email protected]>
Date: 2016-03-21T20:43:19Z
Updating dataloads to not use threatintelkey/value anymore.
commit 72b3b0ec9814902c21774a7b0f486ee5af19d97a
Author: cstella <[email protected]>
Date: 2016-03-22T14:21:30Z
Refactoring out the threat intel adapter stuff.
commit 6e4501d101ac41b407867c85ec76de0d31bc34b2
Author: cstella <[email protected]>
Date: 2016-03-23T18:13:24Z
Updating test yaml.
commit 72eea03e35412f8720c0612776ced4709cca9697
Author: cstella <[email protected]>
Date: 2016-03-24T15:44:51Z
Updating other adapters to use the new scheme.
commit b75c38a6343164aa050dba713f14322f861d6d78
Author: cstella <[email protected]>
Date: 2016-03-24T16:21:22Z
Updating configuredbolt to not load configs unnecessarily.
commit 998f69e9d20396a55ccfeec07238b6b22fa386cf
Author: cstella <[email protected]>
Date: 2016-03-24T19:07:39Z
updating
commit 3233e517b128de24dbfa5c2e9e58dcf32c1c876d
Author: cstella <[email protected]>
Date: 2016-03-25T14:07:04Z
fixing utilities to update zookeeper.
commit 15bfed855815931fd1ed068c47506b5a039a5bfe
Author: cstella <[email protected]>
Date: 2016-03-28T17:32:12Z
updated ansible
commit 0c58f2c32891e251c354ab23b09cc3db29ece817
Author: cstella <[email protected]>
Date: 2016-03-28T17:36:48Z
Merge branch 'master' into MET-129
commit 19e3d94b5b2ee08498eee5b76d8e1479caa1c3ed
Author: cstella <[email protected]>
Date: 2016-03-28T18:57:42Z
Whoops.
commit 00beb07eee99fc18e1d6f10530fa1c848889c3dc
Author: cstella <[email protected]>
Date: 2016-03-29T16:58:20Z
Added test.
commit 2551af972e026add7eb4fecc5506907841456625
Author: cstella <[email protected]>
Date: 2016-03-29T18:16:13Z
Unfolding the data in hbase before it goes into the index.
commit 0b0a62c2eca8ee1d8a72a6602e46c75200923ac0
Author: cstella <[email protected]>
Date: 2016-03-30T14:20:06Z
Updating bolt.
commit 79dcbfff208aefd2bbfac09482dcaa393db39171
Author: cstella <[email protected]>
Date: 2016-03-30T21:02:52Z
Updating to support multiget, etc.
commit d079c5d6df3248c68d1dd5304e1e257f7899a2c3
Author: cstella <[email protected]>
Date: 2016-03-31T19:01:24Z
updating ansible.
commit 520cbf7350fdc43d09e769530d343d7aad5ee815
Author: cstella <[email protected]>
Date: 2016-04-01T14:07:29Z
adding shell script
commit b4fc71e0a18ba9f2b897c3b01e16093903ed100a
Author: cstella <[email protected]>
Date: 2016-04-01T14:37:49Z
Merging from master
----