[
https://issues.apache.org/jira/browse/METRON-93?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15225209#comment-15225209
]
ASF GitHub Bot commented on METRON-93:
--------------------------------------
Github user dlyle65535 commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/66#discussion_r58461859
--- Diff:
metron-streaming/Metron-Common/src/test/java/org/apache/metron/enrichment/EnrichmentConfigTest.java
---
@@ -0,0 +1,253 @@
+package org.apache.metron.enrichment;
+
+import org.apache.metron.Constants;
+import org.apache.metron.domain.SourceConfig;
+import org.apache.metron.utils.JSONUtils;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class EnrichmentConfigTest {
+ @Test
+ public void testThreatIntel() throws Exception {
+ /*
+ {
+ "index": "bro",
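Review bot: The block comment opening testThreatIntel() holds a hand-copied JSON config (starting at "index": "bro") that nothing in the visible lines ties to the input the test actually parses, so it can drift from the real fixture without any test failing. Load the JSON from a test resource file and parse that, or drop the comment so the string under test is the only copy. The new file also begins directly at the package line (hunk is @@ -0,0 +1,253 @@), with no ASF license header above it; add the header before the package declaration.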
--- End diff --
I'd get rid of them too. I suspect they'll quickly get out of sync and
become misleading. Maybe go ahead and add in multiline or just use a resource
file?
> Generalize the HBase threat intel infrastructure to support enrichments
> -----------------------------------------------------------------------
>
> Key: METRON-93
> URL: https://issues.apache.org/jira/browse/METRON-93
> Project: Metron
> Issue Type: Improvement
> Reporter: Casey Stella
> Assignee: Casey Stella
> Original Estimate: 504h
> Remaining Estimate: 504h
>
> As it stands, the threat intel infrastructure is awkward. Namely, different
> threat intelligence sources must be pushed into separate hbase tables
> (malicious_ips separate from malicious_hosts, for instance). We'd rather
> have one table where the type is brought into the rowkey. Since this
> infrastructure is generalized, also add a simple hbase enrichment adapter.
> Furthermore, the configuration for a new enrichment should be added to
> zookeeper as part of the data load.