Example 1 with ThreatIntelConfig

Use of org.apache.metron.common.configuration.enrichment.threatintel.ThreatIntelConfig in project metron by apache.

From the class SensorEnrichmentConfigServiceImplTest, method getTestSensorEnrichmentConfig.

private SensorEnrichmentConfig getTestSensorEnrichmentConfig() {
    SensorEnrichmentConfig sensorEnrichmentConfig = new SensorEnrichmentConfig();

    // Enrichment: apply the "geo" enrichment to the destination IP field.
    EnrichmentConfig enrichmentConfig = new EnrichmentConfig();
    enrichmentConfig.setFieldMap(new HashMap() {
        {
            put("geo", Arrays.asList("ip_dst_addr"));
        }
    });
    sensorEnrichmentConfig.setEnrichment(enrichmentConfig);

    // Threat intel: look up the source IP field with the "hbaseThreatIntel" enrichment.
    ThreatIntelConfig threatIntelConfig = new ThreatIntelConfig();
    threatIntelConfig.setFieldMap(new HashMap() {
        {
            put("hbaseThreatIntel", Arrays.asList("ip_src_addr"));
        }
    });
    // Map the field to the threat intel type(s) it is checked against.
    threatIntelConfig.setFieldToTypeMap(new HashMap() {
        {
            put("ip_src_addr", Arrays.asList("malicious_ip"));
        }
    });
    sensorEnrichmentConfig.setThreatIntel(threatIntelConfig);
    return sensorEnrichmentConfig;
}
Also used: ThreatIntelConfig (org.apache.metron.common.configuration.enrichment.threatintel.ThreatIntelConfig), HashMap (java.util.HashMap), SensorEnrichmentConfig (org.apache.metron.common.configuration.enrichment.SensorEnrichmentConfig), EnrichmentConfig (org.apache.metron.common.configuration.enrichment.EnrichmentConfig)