| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| |
| ##### Kafka ##### |
| |
| kafka.zk=zkpr1:2181,zkpr2:2181,zkpr3:2181 |
| spout.kafka.topic.asa=asa |
| spout.kafka.topic.bro=bro_raw |
| spout.kafka.topic.fireeye=fireeye |
| spout.kafka.topic.ise=ise |
| spout.kafka.topic.lancope=lancope |
| spout.kafka.topic.paloalto=paloalto |
| spout.kafka.topic.pcap=pcap |
| spout.kafka.topic.snort=snort |
| spout.kafka.topic.yaf=ipfix |
| |
| ##### ElasticSearch ##### |
| |
| es.ip=10.22.0.214 |
| es.port=9300 |
| es.clustername=elasticsearch |
| |
| ##### MySQL ##### |
| |
| mysql.ip=10.22.0.214 |
| mysql.port=3306 |
| mysql.username=root |
| mysql.password=hadoop123 |
| |
| ##### Metrics ##### |
| |
| #reporters |
| org.apache.metron.metrics.reporter.graphite=true |
| org.apache.metron.metrics.reporter.console=false |
| org.apache.metron.metrics.reporter.jmx=false |
| |
| #Graphite Addresses |
| |
| org.apache.metron.metrics.graphite.address=localhost |
| org.apache.metron.metrics.graphite.port=2023 |
| |
| #TelemetryParserBolt |
| org.apache.metron.metrics.TelemetryParserBolt.acks=true |
| org.apache.metron.metrics.TelemetryParserBolt.emits=true |
| org.apache.metron.metrics.TelemetryParserBolt.fails=true |
| |
| |
| #GenericEnrichmentBolt |
| org.apache.metron.metrics.GenericEnrichmentBolt.acks=true |
| org.apache.metron.metrics.GenericEnrichmentBolt.emits=true |
| org.apache.metron.metrics.GenericEnrichmentBolt.fails=true |
| |
| |
| #TelemetryIndexingBolt |
| org.apache.metron.metrics.TelemetryIndexingBolt.acks=true |
| org.apache.metron.metrics.TelemetryIndexingBolt.emits=true |
| org.apache.metron.metrics.TelemetryIndexingBolt.fails=true |
| |
| ##### Host Enrichment ##### |
| |
| org.apache.metron.enrichment.host.known_hosts=[{"ip":"10.1.128.236", "local":"YES", "type":"webserver", "asset_value" : "important"},\ |
| {"ip":"10.1.128.237", "local":"UNKNOWN", "type":"unknown", "asset_value" : "important"},\ |
| {"ip":"10.60.10.254", "local":"YES", "type":"printer", "asset_value" : "important"}] |
| |
| ##### HDFS ##### |
| |
| bolt.hdfs.batch.size=5000 |
| bolt.hdfs.field.delimiter=| |
| bolt.hdfs.file.rotation.size.in.mb=5 |
| bolt.hdfs.file.system.url=hdfs://iot01.cloud.hortonworks.com:8020 |
| bolt.hdfs.wip.file.path=/paloalto/wip |
| bolt.hdfs.finished.file.path=/paloalto/rotated |
| bolt.hdfs.compression.codec.class=org.apache.hadoop.io.compress.SnappyCodec |
| |
| ##### HBase ##### |
| bolt.hbase.table.name=pcap_test |
| bolt.hbase.table.fields=t:value |
| bolt.hbase.table.key.tuple.field.name=key |
| bolt.hbase.table.timestamp.tuple.field.name=timestamp |
| bolt.hbase.enable.batching=false |
| bolt.hbase.write.buffer.size.in.bytes=2000000 |
| bolt.hbase.durability=SKIP_WAL |
| bolt.hbase.partitioner.region.info.refresh.interval.mins=60 |
| |
| ##### Threat Intel ##### |
| |
| threat.intel.tracker.table= |
| threat.intel.tracker.cf= |
| threat.intel.ip.table= |
| threat.intel.ip.cf= |
| |
