Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Threat Intel not adding additional fields to streaming records wich are present in HBASE

Highlighted

Threat Intel not adding additional fields to streaming records wich are present in HBASE

New Contributor

Hi

Using HCP 1.7.1

I have the following data loaded into HBASE 'threatintel' table

https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist

Added ',abuse.ch' at end of each line.

Then created the extractor config which looks like this

{

"config" : {

"columns" : { "domain" : 0 ,"source" : 1 } ,

"indicator_column" : "domain" ,

"type" : "zeusList" ,

"separator" : "," } ,

"extractor" : "CSV"

}

However when the records get enriched and indexed they only contain this field in the elasticsearch document

"threatintels:hbaseThreatIntel:domain_without_subdomains:zeusList": "alert"

It does not contain the threatintel.source or threatintel.domain field. Is it supposed to be like that?

Thanks!