Hortonworks Cybersecurity Platform
Also available as:
PDF
loading table of contents...

Map Fields to HBase Enrichments Using the Management Module

After you establish dataflow to the HBase table, you must use the HCP Management module or the CLI to ensure that the enrichment topology is enriching the data flowing past. You can use the Management module to refine the parser output in three ways: transformations, enrichments, threat intel.

Your sensor must be running and producing data to load sample data.
  1. From the list of sensors in the main window, select your new sensor.
  2. Click the pencil icon in the toolbar.
    The Management module displays the sensor panel for the new sensor.
  3. In the Schema panel, click .
  4. Review the resulting message, field, and value information displayed in the Schema panel.
    The Sample field displays a parsed version of a sample message from the sensor. The Management module tests your transformations against these parsed messages.
    You can use the right and left arrow to view the parsed version of each sample message available from the sensor.
  5. Apply transformations to an existing field by clicking or create a new field by clicking .
  6. If you create a new field, complete the fields.
  7. Click SAVE.
  8. If you want to suppress fields from showing in the Index, click .
  9. Click SAVE.