shane/threatline
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Shane
2018-11-10 18:37:43 +00:00
parent db282aa3c2
commit 23e40b92b9
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
README.md
View File

@@ -1,26 +1,26 @@
## Installation on FreeBSD ## Installation on FreeBSD
#Configure Kafka topics (run on one kafka node) # Configure Kafka topics (run on one kafka node)
doc/kafka_topics.sh doc/kafka_topics.sh
#Initialize elasticsearch: # Initialize elasticsearch
curl -X PUT 'http://<elasticsearch>:9200/threatline' -d@doc/es_mapping.json curl -X PUT 'http://<elasticsearch>:9200/threatline' -d@doc/es_mapping.json
#Install service file: # Install service file
cp doc/threatline /usr/local/etc/rc.d/threatline cp doc/threatline /usr/local/etc/rc.d/threatline
#Enable threatline: # Enable threatline
sysrc threatline_enable=YES sysrc threatline_enable=YES
sysrc threatline_agents="normalize enrich check archive" sysrc threatline_agents="normalize enrich check archive"
#Start threatline: # Start threatline
service threatline start service threatline start
#Monitor logs: # Monitor logs
tail -f /tmp/tl_worker.log tail -f /tmp/tl_worker.log
#Stages: # Stages
Normalize: Touch-up/rename fields, etc. Normalize: Touch-up/rename fields, etc.
Enrich: Enrich and part of the message. Enrich: Enrich and part of the message.
Check: Checks parts of message (now enriched) against known bad stuff. Check: Checks parts of message (now enriched) against known bad stuff.