Github user cestella commented on the pull request: https://github.com/apache/incubator-metron/pull/131#issuecomment-222363251 The way to validate this is to * Create a second column family on the enrichment HBase table, say `cf1` * Push some enrichment data into the table in that column family. Something similar to the malicious IP's from the blog post. I'd suggest calling the enrichment type `malicious_ip` * Modify the configs for one of the topologies you want to test in `/usr/metron/0.1BETA/config/zookeeper/enrichment` to add a `config` section under `threatIntel` marking that `malicious_ip` should come from column family `cf1` like the following ``` { "index": "bro", "batchSize": 5, "threatIntel": { "fieldMap": { "hbaseThreatIntel" : [ "ip_dst_addr" ] }, "fieldToTypeMap": { "ip_dst_addr" : [ "malicious_ip" ] }, "config" : { "typeToColumnFamily" : { "malicious_ip" : "cf1" } } } } ``` * Run some data through and ensure that enrichments still exist.
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---