shane/threatline
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
11 Commits 1 Branch 0 Tags
master
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Shane 24148713ae Update README.md
2019-01-17 22:03:45 +00:00
doc
initial commit
2018-11-10 13:29:42 -05:00
threatline
initial commit
2018-11-10 13:29:42 -05:00
.gitignore
initial commit
2018-11-10 13:29:42 -05:00
README.md
Update README.md
2019-01-17 22:03:45 +00:00
requirements.txt
initial commit
2018-11-10 13:29:42 -05:00
setup.py
initial commit
2018-11-10 13:29:42 -05:00

README.md

Stages

Normalize: Touch-up/rename fields, etc.
Enrich: Enrich and part of the message.
Check: Checks parts of message (now enriched) against known bad stuff.
Archive: Push document into elasticsearch. Can also log to file.

Installation on FreeBSD

Configure Kafka topics (run on one kafka node)

doc/kafka_topics.sh

Initialize elasticsearch

curl -X PUT 'http://<elasticsearch>:9200/threatline' -d@doc/es_mapping.json

Install service file

cp doc/threatline /usr/local/etc/rc.d/threatline

Enable threatline

sysrc threatline_enable=YES
sysrc threatline_agents="normalize enrich check archive"

Start threatline

service threatline start

Monitor logs

tail -f /tmp/tl_worker.log

Description
No description provided
Readme 931 KiB
Languages
Python 100%