metron-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (METRON-35) Implement threat intelligence message enrichment
Date Sat, 13 Feb 2016 20:26:18 GMT


ASF GitHub Bot commented on METRON-35:

Github user cestella commented on the pull request:
    Of course, I have attached a design doc to the [JIRA](
    This is really a single feature as leaving out any part will leave the whole feature nonfunctional.
 It can seem a bit complex, but it fits within the overall architecture built for the enrichments.
 I detailed this and how it fits within the overall architecture in the design doc.

> Implement threat intelligence message enrichment
> ------------------------------------------------
>                 Key: METRON-35
>                 URL:
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: Casey Stella
>            Assignee: Casey Stella
>         Attachments: Threat Intelligence Architecture.docx
>   Original Estimate: 336h
>  Remaining Estimate: 336h
> Create the infrastructure to 
> * Bulk ingest threat intelligence feeds from CSV and Stix data sources into HBase
> * Enrich messages who have fields which match the threat intelligence data in HBase
> * Create the infrastructure to remove unused threat intelligence data
> * Augment the Packet capture topology to incorporate a malicious IP threat intel tagger
> The tagging infrastructure much meet the following criteria:
> * They are downstream of the enrichments
> * The threat intelligence bolts execute in parallel with a similar architecture as the
enrichments (i.e. split and join).

This message was sent by Atlassian JIRA

View raw message