THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
The input to this topology is the normalized Metron JSON produced by the Parser/Normalizing Topology. The output of this topology is written to a number of data stores supported by Metron. There are two streams: a message stream and an enrichment stream(s). The message stream carries the original message, while the enrichment stream tack on additional enrichments or pieces of threat intelligence to the message.
| View file | ||||
|---|---|---|---|---|
|
| Bolt Name | Functionality | References |
|---|---|---|
| Enrichment Splitter | ||
| Enrichment Bolt | ||
| Enrichment Joiner Bolt | ||
| Threat Intel Splitter Bolt | ||
| Threat Intel Bolt | ||
| Threat Intel Joiner Bolt | ||
| Writer Bolt |