shane/threatline
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update README

Browse Source
This commit is contained in:
Shane
2018-11-10 18:32:29 +00:00
parent 525ecff602
commit 2d4155ffce
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
README
View File

@@ -1,24 +1,26 @@
Configure Kafka topics (run on one kafka node) ## Installation on FreeBSD
#Configure Kafka topics (run on one kafka node)
doc/kafka_topics.sh doc/kafka_topics.sh
Initialize elasticsearch: #Initialize elasticsearch:
curl -X PUT 'http://<elasticsearch>:9200/threatline' -d@doc/es_mapping.json curl -X PUT 'http://<elasticsearch>:9200/threatline' -d@doc/es_mapping.json
Install service file (FreeBSD): #Install service file:
cp doc/threatline /usr/local/etc/rc.d/threatline cp doc/threatline /usr/local/etc/rc.d/threatline
Enable threatline: #Enable threatline:
sysrc threatline_enable=YES sysrc threatline_enable=YES
sysrc threatline_agents="normalize enrich check archive" sysrc threatline_agents="normalize enrich check archive"
Start threatline: #Start threatline:
service threatline start service threatline start
Monitor logs: #Monitor logs:
tail -f /tmp/tl_worker.log tail -f /tmp/tl_worker.log
Stages: #Stages:
Normalize: Touch-up/rename fields, etc. Normalize: Touch-up/rename fields, etc.
Enrich: Enrich and part of the message. Enrich: Enrich and part of the message.
Check: Checks parts of message (now enriched) against known bad stuff. Check: Checks parts of message (now enriched) against known bad stuff.