[
https://issues.apache.org/jira/browse/METRON-93?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David M. Lyle updated METRON-93:
--------------------------------
Fix Version/s: 0.2.1BETA
> Generalize the HBase threat intel infrastructure to support enrichments
> -----------------------------------------------------------------------
>
> Key: METRON-93
> URL: https://issues.apache.org/jira/browse/METRON-93
> Project: Metron
> Issue Type: Improvement
> Reporter: Casey Stella
> Assignee: Casey Stella
> Fix For: 0.2.1BETA
>
> Original Estimate: 504h
> Remaining Estimate: 504h
>
> As it stands, the threat intel infrastructure is awkward. Namely, different
> threat intelligence sources must be pushed into separate hbase tables
> (malicious_ips separate form malicious_hosts, for instance). We'd rather
> have one table where the type is brought into the rowkey. Since this
> infrastructure is generalized, also add a simple hbase enrichment adapter.
> Furthermore, the configuration for a new enrichment should be added to
> zookeeper as part of the data load.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
