...
For each message we will assign the maximum score across all conditions as the triage score. This translates into the following configuration:
{
  ...
  ,"threatIntel" : {
    ...
    , "triageConfig" : {
      "riskLevelRules" : {
        "exists(threatintels.hbaseThreatIntel.url.zeusList)" : 5
        , "not(ENDS_WITH(url, '.com') or ENDS_WITH(url, '.net'))" : 10
      }
      ,"aggregator" : "MAX"
    }
  }
...
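The scoring described above, as an added example: a hand-written Python model of the two riskLevelRules and the MAX aggregator, not Metron's Stellar engine and not code from the original page. The sample messages, the helper names, and the score of 0 for a message that matches no rule are assumptions.

```python
# Hand-written model of the triage config above; not Metron's Stellar engine.
ZEUS_FIELD = "threatintels.hbaseThreatIntel.url.zeusList"


def ends_with(value, suffix):
    # Plain suffix test over the whole field value, as ENDS_WITH reads.
    return value.endswith(suffix)


# The two riskLevelRules from the page: (rule text, predicate, score).
RISK_LEVEL_RULES = [
    ("exists(threatintels.hbaseThreatIntel.url.zeusList)",
     lambda m: ZEUS_FIELD in m, 5),
    ("not(ENDS_WITH(url, '.com') or ENDS_WITH(url, '.net'))",
     lambda m: not (ends_with(m.get("url", ""), ".com")
                    or ends_with(m.get("url", ""), ".net")), 10),
]


def triage(message):
    """Return (triage score, matched rule texts) under the MAX aggregator."""
    hits = [(text, score) for text, pred, score in RISK_LEVEL_RULES if pred(message)]
    # Assumption: a message matching no rule scores 0.
    score = max((score for _, score in hits), default=0)
    return score, [text for text, _ in hits]


# Constructed sample messages (field values are illustrative only).
SAMPLES = {
    "listed_com": {"url": "listed.example.com", ZEUS_FIELD: "alert"},
    "listed_other_tld": {"url": "listed.example.org", ZEUS_FIELD: "alert"},
    "unlisted_net": {"url": "benign.example.net"},
    "unlisted_other_tld": {"url": "benign.example.org"},
    "com_with_path": {"url": "benign.example.com/index.html"},
}


def score_all():
    """Triage score for every constructed sample, keyed by sample name."""
    return {name: triage(msg)[0] for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        score, matched = triage(msg)
        print(f"{name:20s} score={score:2d} rules_matched={len(matched)}")
```

Under MAX a message that matches both rules scores 10, not 15, and an unlisted `.org` host outranks a Zeus-listed `.com` host. A `url` value that carries a path after the host never ends in `.com` or `.net`, so the suffix rule matches it as well.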
Step 3: Upload the threat triage configuration to Zookeeper
...