[METRON-35] Implement threat intelligence message enrichment - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Done
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Labels:
- Metron_0.1BETA

Description

Create the infrastructure to

Bulk ingest threat intelligence feeds from CSV and Stix data sources into HBase
Enrich messages who have fields which match the threat intelligence data in HBase
Create the infrastructure to remove unused threat intelligence data
Augment the Packet capture topology to incorporate a malicious IP threat intel tagger

The tagging infrastructure much meet the following criteria:

They are downstream of the enrichments
The threat intelligence bolts execute in parallel with a similar architecture as the enrichments (i.e. split and join).

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

Threat Intelligence Architecture.docx
13/Feb/16 20:21
190 kB
Casey Stella

Activity

People

Assignee:: Casey Stella

Reporter:: Casey Stella

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Feb/16 06:43

Updated:: 16/Feb/16 21:09

Resolved:: 16/Feb/16 20:16

Time Tracking

Estimated:

336h

Remaining:

336h

Logged:

Not Specified