Details
- Type: New Feature
- Status: Done
- Priority: Major
- Resolution: Done
- None
- None
Description
Create the infrastructure to:
- Bulk ingest threat intelligence feeds from CSV and STIX data sources into HBase
- Enrich messages whose fields match the threat intelligence data stored in HBase
- Remove threat intelligence data that is no longer in use
- Augment the packet capture topology to incorporate a malicious IP threat intel tagger
The tagging infrastructure must meet the following criteria:
- The threat intel bolts run downstream of the enrichment bolts
- The threat intel bolts execute in parallel, with the same split and join architecture as the enrichments
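The following is an added example, not code from the Metron project, that models the design above end to end: a CSV feed is bulk loaded into a store keyed by (indicator type, indicator value), a message is then enriched by looking each configured field up in parallel (the split), the hits are merged back into one message (the join), and indicators from retired feeds are pruned. An in-memory dict stands in for HBase, and the feed columns, the field-to-type configuration (`TI_CONFIG`), the `threatintels`/`is_alert` output fields and the thread pool are all assumptions made for illustration.

```python
"""Added example (not Metron project code): an in-memory model of the
threat-intel ingest / enrich / prune design described in the ticket.
A dict stands in for HBase; feed format, field names and the
thread-pool split/join are assumptions."""
import csv
import io
import json
from concurrent.futures import ThreadPoolExecutor

# Constructed sample feed (assumed CSV layout, not a real Metron feed format).
SAMPLE_FEED = """\
indicator,type,source
203.0.113.45,malicious_ip,feed_a
198.51.100.7,malicious_ip,feed_b
evil.example,malicious_domain,feed_a
"""

# Assumed configuration: which message field is checked against which
# threat-intel indicator type.
TI_CONFIG = {
    "ip_src_addr": "malicious_ip",
    "ip_dst_addr": "malicious_ip",
    "host": "malicious_domain",
}


def bulk_ingest(feed_text, store):
    """Parse a CSV feed and load it into `store`, keyed the way an HBase row
    would be keyed here: (indicator type, indicator value) -> metadata.
    Returns the number of indicators loaded."""
    n = 0
    for row in csv.DictReader(io.StringIO(feed_text)):
        store[(row["type"], row["indicator"])] = {"source": row["source"]}
        n += 1
    return n


def lookup(store, field, msg, ti_type):
    """One bolt's worth of work: look a single field's value up in the store.
    Returns (field, ti_type, metadata) on a hit, else None."""
    value = msg.get(field)
    if value is None:
        return None
    hit = store.get((ti_type, value))
    return (field, ti_type, hit) if hit else None


def enrich(msg, store, config=TI_CONFIG, workers=4):
    """Split: every configured field is looked up concurrently.
    Join: hits are merged into a copy of the message under 'threatintels'
    and is_alert is set when at least one field matched."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda f: lookup(store, f, msg, config[f]), config))
    out = dict(msg)
    hits = {}
    for r in results:
        if r:
            field, ti_type, meta = r
            hits[f"{ti_type}.{field}"] = meta
    if hits:
        out["threatintels"] = hits
        out["is_alert"] = True
    return out


def prune(store, keep_sources):
    """Remove indicators whose feed is no longer in use.
    Returns how many indicators were deleted."""
    stale = [k for k, v in store.items() if v["source"] not in keep_sources]
    for k in stale:
        del store[k]
    return len(stale)


if __name__ == "__main__":
    ti = {}
    bulk_ingest(SAMPLE_FEED, ti)
    # Constructed message: source IP is clean, destination IP and host are listed.
    msg = {"ip_src_addr": "10.0.0.5", "ip_dst_addr": "203.0.113.45", "host": "evil.example"}
    print(json.dumps(enrich(msg, ti), indent=2))
    print("pruned:", prune(ti, keep_sources={"feed_a"}))
```

The join step is what makes the output deterministic regardless of which lookup finishes first: each worker only returns its own (field, type, hit) tuple, and the single merge writes them into the message in configuration order. Keying hits as `type.field` keeps a source-IP match distinguishable from a destination-IP match, which matters when the downstream alerting logic treats inbound and outbound traffic to a listed address differently.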