  1. Metron
  2. METRON-35

Implement threat intelligence message enrichment

    Details

    • Type: New Feature
    • Status: Done
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:

      Description

      Create the infrastructure to

      • Bulk ingest threat intelligence feeds from CSV and STIX data sources into HBase
      • Enrich messages that have fields that match the threat intelligence data in HBase
      • Create the infrastructure to remove unused threat intelligence data
      • Augment the Packet capture topology to incorporate a malicious IP threat intel tagger

      The tagging infrastructure must meet the following criteria:

      • They are downstream of the enrichments
      • The threat intelligence bolts execute in parallel with a similar architecture as the enrichments (i.e. split and join).

            People

            • Assignee:
              cestella Casey Stella
              Reporter:
              cestella Casey Stella
            • Votes:
              0
              Watchers:
              2

                Time Tracking

                Estimated: 336h
                Remaining: 336h
                Logged: Not Specified