shane/threatline
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
6 Commits 1 Branch 0 Tags
a14e54c2be2dba22d97bfc7c2da62f57a06636aa
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Shane a14e54c2be Deleted README
2018-11-10 18:34:31 +00:00
doc
initial commit
2018-11-10 13:29:42 -05:00
threatline
initial commit
2018-11-10 13:29:42 -05:00
.gitignore
initial commit
2018-11-10 13:29:42 -05:00
README
Update README
2018-11-10 18:32:29 +00:00
requirements.txt
initial commit
2018-11-10 13:29:42 -05:00
setup.py
initial commit
2018-11-10 13:29:42 -05:00

README 

## Installation on FreeBSD

#Configure Kafka topics (run on one kafka node)
doc/kafka_topics.sh

#Initialize elasticsearch:
curl -X PUT 'http://<elasticsearch>:9200/threatline' -d@doc/es_mapping.json

#Install service file:
cp doc/threatline /usr/local/etc/rc.d/threatline

#Enable threatline:
sysrc threatline_enable=YES
sysrc threatline_agents="normalize enrich check archive"

#Start threatline:
service threatline start

#Monitor logs:
tail -f /tmp/tl_worker.log


#Stages:
Normalize: Touch-up/rename fields, etc.
Enrich: Enrich and part of the message.
Check: Checks parts of message (now enriched) against known bad stuff.
Archive: Push document into elasticsearch. Can also log to file.
Description
No description provided
Readme 931 KiB
Languages
Python 100%