Administration
Also available as:
PDF
loading table of contents...

Adding a New Telemetry Data Source

This section describes how you add a new telemetry data source. Before HCP can process the information from a new telemetry data source, you must use one of the telemetry data collectors to ingest the information into the telemetry ingest buffer. Information moves from the data ingest buffer into the Metron real-time processing security engine, where it is parsed, enriched, triaged, and indexed. Finally, certain telemetry events can initiate alerts that can be assessed in the Metron dashboard.

To add a new telemetry data source, perform the following tasks:

  1. Stream data into HCP

  2. Parse the new datasource to HCP

  3. Verify that events are being indexed

  4. For instructions on how to configure the Metron Dashboard to view the new data source telemetry events, see Hortonworks Cybersecurity User Guide.

The following sections provide steps for each task. You can perform these tasks by using the HCP Management module or CLI. Instructions are provided for both methods.