Administration
Troubleshooting Parsers
This section provides some troubleshooting solutions for parser issues.
© 2012–2020, Cloudera, Inc. Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.