28 lines
765 B
Markdown
28 lines
765 B
Markdown
# Stages
|
|
**Normalize**: Touch-up/rename fields, etc.
|
|
**Enrich**: Enrich and part of the message.
|
|
**Check**: Checks parts of message (now enriched) against known bad stuff.
|
|
**Archive**: Push document into elasticsearch. Can also log to file.
|
|
|
|
## Installation on FreeBSD
|
|
|
|
### Configure Kafka topics (run on one kafka node)
|
|
`doc/kafka_topics.sh`
|
|
|
|
### Initialize elasticsearch
|
|
`curl -X PUT 'http://<elasticsearch>:9200/threatline' -d@doc/es_mapping.json`
|
|
|
|
### Install service file
|
|
`cp doc/threatline /usr/local/etc/rc.d/threatline`
|
|
|
|
### Enable threatline
|
|
`sysrc threatline_enable=YES`
|
|
`sysrc threatline_agents="normalize enrich check archive"`
|
|
|
|
### Start threatline
|
|
`service threatline start`
|
|
|
|
### Monitor logs
|
|
`tail -f /tmp/tl_worker.log`
|
|
|