Hortonworks Cybersecurity Platform
Also available as:
loading table of contents...

Configuring Threat Intelligence

The threat intelligence topology takes a normalized JSON message and cross references it against threat intelligence, tags it with alerts if appropriate, runs the results against the scoring component of machine learning models where appropriate, and stores the telemetry in a data store.

Prior to configuring threat intelligence, you must meet the following requirements:
  • Choose your threat intelligence sources
  • As a best practice, install a threat intelligence feed aggregator, such as SoltraEdge
  • Mark messages as threats based on data in external data stores

  • Mark threat alerts with a numeric triage level based on a set of Stellar rules