[jira] [Commented] (METRON-706) Add Stellar transformations and filters to enrichment and threat intel loaders

Wed, 08 Feb 2017 13:28:34 -0800 

    [ 
https://issues.apache.org/jira/browse/METRON-706?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15858563#comment-15858563
 ] 

ASF GitHub Bot commented on METRON-706:
---------------------------------------

Github user mmiklavc commented on the issue:

    https://github.com/apache/incubator-metron/pull/445
  
    Note: Per the recent issue in master with Ansible, I tested the following 
as well
    
    * Create threat_ip.csv
    ```
    #
    # Licensed to the Apache Software Foundation (ASF) under one or more
    # contributor license agreements.  See the NOTICE file distributed with
    # this work for additional information regarding copyright ownership.
    # The ASF licenses this file to You under the Apache License, Version 2.0
    # (the "License"); you may not use this file except in compliance with
    # the License.  You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    #
    #Add single column of ip address to alert
    #Public lists are available on the internet
    # example:
    23.113.113.105
    24.107.205.249
    24.108.62.255
    24.224.153.71
    27.4.1.212
    27.131.149.102
    31.24.30.31
    31.131.251.33
    31.186.99.250
    31.192.209.119
    31.192.209.150
    31.200.244.17
    37.34.52.185
    37.58.112.101
    37.99.146.27
    37.128.132.96
    37.140.195.177
    37.140.199.100
    ```
    
    * Uploaded threat_ip.csv to HDFS:
    ```
    hdfs dfs -put -f threat_ip.csv
    ```
    
    * Create extractor.json
    ```
    {
      "config": {
        "columns": {
          "ip": 0
        },
        "indicator_column": "ip",
        "type" : "malicious_ip",
        "separator": ","
      },
      "extractor": "CSV"
    }
    ```
    
    * Run as root user from /root
    ```
    echo "truncate 'threatintel'" | hbase shell && 
/usr/metron/0.3.0/bin/flatfile_loader.sh -c t -t threatintel -e extractor.json 
-i /user/root -m MR
    ```
    
    * Verify the records are there
    ```
    echo "scan 'threatintel'" | hbase shell
    ```


> Add Stellar transformations and filters to enrichment and threat intel loaders
> ------------------------------------------------------------------------------
>
>                 Key: METRON-706
>                 URL: https://issues.apache.org/jira/browse/METRON-706
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Michael Miklavcic
>            Assignee: Michael Miklavcic
>
> This Jira tracks work to add the ability to transform and filter data being 
> loaded into the enrichment and threatintel HBase tables.
> This effort builds on the work in:
> https://issues.apache.org/jira/browse/METRON-678
> and
> https://issues.apache.org/jira/browse/METRON-682



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to