Run Book

Chapter 2. Adding a New Telemetry Data Source

This section describes how to add a telemetry data source to Hortonworks Cybersecurity Platform (HCP).

For our examples, we will use the Squid data source as our new telemetry data source.

To add the Squid telemetry data source, perform the following tasks:

Meet Prerequisites

Before you can add a new telemetry data source, you must meet the user requirements listed in this section.

Stream Data Into HCP

The first step in adding a new telemetry data source is to stream all raw events from that source into its own Kafka topic.

Parse the Squid Data Source to HCP

Parsers transform raw data (textual or raw bytes) into JSON messages suitable for downstream enrichment and indexing by HCP. You must create a parser for each new data source.

Add New Data Source to Dashboard

After a new telemetry data source has been added to HCP, you must add it to the Metron dashboard before you can create queries and filters for it and add telemetry panels that display its data.