Hortonworks Cybersecurity Platform

Configure Element-to-Threat Intelligence Feed Mapping

You now need to configure what element of a tuple should be enriched with what enrichment type. This configuration is stored in ZooKeeper.

  1. Log in as root user to the host that has Metron installed.
    sudo -s $METRON_HOME
  2. Copy and paste the following into a file called threat_intel_config_temp.json at $METRON_HOME/config.
    {
      "zkQuorum": "localhost:2181",
      "sensorToFieldList": {
        "squid": {
          "type": "THREAT_INTEL",
          "fieldToEnrichmentTypes": {
            "domain_without_subdomains": [ "zeusList" ]
          }
        }
      }
    }
    This step configures which element of a tuple is cross-referenced with which threat intelligence feed. The configuration is stored in ZooKeeper.
    You must specify the following:
    • The ZooKeeper quorum that holds the cluster configuration
    • The mapping between the fields in the enriched documents and the enrichment types
    Storing the mapping in ZooKeeper allows the ingestion tools to update it after ingestion, so that the enrichment topology can immediately make use of the new enrichment type.
  3. Remove any invisible non-ASCII characters that might have been included when you copied and pasted:
    iconv -c -f utf-8 -t ascii threat_intel_config_temp.json -o threat_intel_config.json
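The following script is an added example, not part of the Hortonworks documentation or the Metron project. It applies the two checks a practitioner would want before pushing this file to ZooKeeper: it drops non-ASCII code points the way `iconv -c -f utf-8 -t ascii` does, then validates the structure described in step 2 (a `zkQuorum` of host:port pairs, a `sensorToFieldList` whose entries carry a `type` and a `fieldToEnrichmentTypes` map of field name to a non-empty list of enrichment types). The sample configuration embedded below is constructed, with a zero-width space inserted to simulate a copy-paste artifact; the set of accepted `type` values is an assumption, since this page only shows `THREAT_INTEL`.

```python
import json
import re

# host:port, as used in a ZooKeeper quorum string such as "localhost:2181"
ZK_HOSTPORT = re.compile(r"^[A-Za-z0-9.\-]+:\d{1,5}$")

# Assumption: THREAT_INTEL is the only type shown on the page; ENRICHMENT is
# accepted here as well so the same validator can check enrichment mappings.
ALLOWED_TYPES = {"THREAT_INTEL", "ENRICHMENT"}

# Constructed sample modelled on threat_intel_config_temp.json from the page.
# The "\u200b" after the list simulates an invisible character picked up while
# copy-pasting; json.loads() rejects it unless it is stripped first.
SAMPLE_CONFIG_TEXT = (
    '{\n'
    '  "zkQuorum": "localhost:2181",\n'
    '  "sensorToFieldList": {\n'
    '    "squid": {\n'
    '      "type": "THREAT_INTEL",\n'
    '      "fieldToEnrichmentTypes": {\n'
    '        "domain_without_subdomains": ["zeusList"]\u200b\n'
    '      }\n'
    '    }\n'
    '  }\n'
    '}\n'
)


def strip_non_ascii(text):
    """Drop every non-ASCII code point, mirroring `iconv -c -f utf-8 -t ascii`."""
    return text.encode("ascii", errors="ignore").decode("ascii")


def validate_mapping(text):
    """Sanitize and validate a sensorToFieldList mapping.

    Returns {"errors": [...], "mappings": [(sensor, field, enrichment_type), ...]}.
    An empty error list means the file is safe to push to ZooKeeper.
    """
    config = json.loads(strip_non_ascii(text))
    errors = []
    mappings = []

    quorum = config.get("zkQuorum")
    if not isinstance(quorum, str) or not quorum:
        errors.append("zkQuorum missing or not a string")
    else:
        for hostport in quorum.split(","):
            if not ZK_HOSTPORT.match(hostport.strip()):
                errors.append(f"zkQuorum entry {hostport!r} is not host:port")

    sensors = config.get("sensorToFieldList")
    if not isinstance(sensors, dict) or not sensors:
        errors.append("sensorToFieldList missing or empty")
        sensors = {}

    for sensor, spec in sensors.items():
        if not isinstance(spec, dict):
            errors.append(f"{sensor}: entry must be an object")
            continue
        if spec.get("type") not in ALLOWED_TYPES:
            errors.append(f"{sensor}: type must be one of {sorted(ALLOWED_TYPES)}")
        fields = spec.get("fieldToEnrichmentTypes")
        if not isinstance(fields, dict) or not fields:
            errors.append(f"{sensor}: fieldToEnrichmentTypes missing or empty")
            continue
        for field, types in fields.items():
            well_formed = (isinstance(types, list) and types
                           and all(isinstance(t, str) and t for t in types))
            if not well_formed:
                errors.append(f"{sensor}.{field}: enrichment types must be a "
                              "non-empty list of strings")
                continue
            for enrichment_type in types:
                mappings.append((sensor, field, enrichment_type))

    return {"errors": errors, "mappings": mappings}


if __name__ == "__main__":
    result = validate_mapping(SAMPLE_CONFIG_TEXT)
    for sensor, field, enrichment_type in result["mappings"]:
        print(f"{sensor}: {field} -> {enrichment_type}")
    for problem in result["errors"]:
        print("ERROR:", problem)
```

Run it against the real file with `validate_mapping(open("threat_intel_config_temp.json").read())`; a non-empty `errors` list indicates a mapping the enrichment topology would ignore or mis-apply, which is worth catching before the file is loaded into ZooKeeper.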