
...

For each message we will assign the maximum score across all conditions as the triage score. This translates into the following configuration:

{
  ...
  , "threatIntel" : {
      ...
      , "triageConfig" : {
          "riskLevelRules" : {
              "exists(threatintels.hbaseThreatIntel.url.zeusList)" : 5
            , "not(ENDS_WITH(url, '.com') or ENDS_WITH(url, '.net'))" : 10
          }
        , "aggregator" : "MAX"
      }
  }


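To make the scoring semantics of that configuration concrete, here is a small added model of how the two riskLevelRules and the MAX aggregator combine into one triage score per message. It is illustration code written for this page, not Metron's own implementation: Metron evaluates the rule keys as Stellar expressions, whereas the predicates below are hand-written Python stand-ins for those two expressions, the messages are constructed samples with Metron-style flattened field names, and the SUM aggregator is included only to contrast with MAX.

```python
# Added illustration of Metron threat-triage scoring (not Metron's own code).
# A triage config is a set of rules, each a predicate over the enriched
# message with a score; the "aggregator" combines the scores of the rules
# that fire into one triage score for the message.

def exists(message, field):
    """Stand-in for Stellar exists(): true if the flattened field is present."""
    return field in message


def ends_with(value, suffix):
    """Stand-in for Stellar ENDS_WITH(); non-strings never match."""
    return isinstance(value, str) and value.endswith(suffix)


# Mirror of the page's riskLevelRules as (rule text, predicate, score).
# The predicates are hand-written equivalents of the Stellar expressions.
RISK_LEVEL_RULES = [
    ("exists(threatintels.hbaseThreatIntel.url.zeusList)",
     lambda m: exists(m, "threatintels.hbaseThreatIntel.url.zeusList"),
     5),
    ("not(ENDS_WITH(url, '.com') or ENDS_WITH(url, '.net'))",
     lambda m: not (ends_with(m.get("url"), ".com")
                    or ends_with(m.get("url"), ".net")),
     10),
]

# MAX is the aggregator from the page; SUM is shown only for contrast.
AGGREGATORS = {
    "MAX": lambda scores: max(scores) if scores else 0,
    "SUM": lambda scores: sum(scores),
}


def triage(message, rules=RISK_LEVEL_RULES, aggregator="MAX"):
    """Return (triage_score, names_of_rules_that_fired) for one message."""
    fired = [(name, score) for name, pred, score in rules if pred(message)]
    scores = [score for _, score in fired]
    return AGGREGATORS[aggregator](scores), [name for name, _ in fired]


# Constructed sample messages; the threat-intel enrichment appears as a
# flattened key the way Metron writes enrichment results into the message.
SAMPLE_MESSAGES = {
    # .com domain, no zeusList hit: neither rule fires -> score 0
    "clean_com": {"url": "example.com"},
    # .org domain with a zeusList hit: both rules fire -> MAX 10 (SUM 15)
    "zeus_org": {
        "url": "evil-example.org",
        "threatintels.hbaseThreatIntel.url.zeusList": "alert",
    },
    # .net domain with a zeusList hit: only the exists() rule fires -> 5
    "zeus_net": {
        "url": "example.net",
        "threatintels.hbaseThreatIntel.url.zeusList": "alert",
    },
}


if __name__ == "__main__":
    for label, msg in SAMPLE_MESSAGES.items():
        score, fired = triage(msg)
        print(f"{label}: triage score {score}, rules fired: {fired}")
```

Note that the second rule tests the suffix of the whole url field, so the constructed samples use bare host values; with a full URL containing a path the suffix test would behave differently, which is worth keeping in mind when writing such rules.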
...

Step 3: Upload the threat triage configuration to Zookeeper

...