Configure enrichers
Configure enrichers to augment intelligence value with additional context obtained from selected intel providers and data sources.
For information about the configuration details of a specific enricher, click the link to the desired enricher under List of enrichers.
If an enricher is not available, you may need to install it on your platform instance.
Download installation packages from https://downloads.eclecticiq.com/Extensions/.
To install the downloaded packages, follow instructions for the OS your platform instance runs on:
Some enrichers may require a paid subscription to the data provider that the enricher pulls data from.
Edit an enricher
Most enrichers have to be configured before you can use them.
To edit an available enricher:
In the left navigation bar, go to Data configuration > Enrichers.
In the Enrichers overview, select an enricher from the list to open it.
Select Edit.
Configure the enricher according to instructions for that enricher.
See the List of enrichers.
Enable and disable enrichers
To run an enricher from the context menu in a graph or within an enrichment rule, you must first enable that enricher.
To enable an enricher:
In the left navigation bar, go to Data configuration > Enrichers.
Locate the enricher you want to enable.
For that enricher, select Enabled to enable that enricher.
Clear the selection to disable it.
You can also enable an enricher when editing it:
Edit an enricher.
In the Edit enricher task view, look for the Enabled checkbox.
Select Enabled.
Select Save.
Enricher properties
You can view the properties of an enricher when you open it from the enricher overview.
The following table lists the properties available for an enricher:
| Field name | Description |
| --- | --- |
| Name | Title of the enricher. Usually contains the name of the data vendor the enricher pulls data from. Example: CVE Search Enricher |
| Description | Enter a description for this enricher. |
| Enabled | Yes or No. Enabled enrichers can be accessed from the graph and may be triggered by enrichment rules. |
| Task name | When this enricher runs, it appears under the name displayed here in Settings > System jobs. Example: eiq.enrichers.enrich_cve_search |
| Cache validity (sec) | 2592000 by default. Sets the time (seconds) enrichment data is stored in the cache. |
| Rate limit (per sec) | 1000 by default. Sets the maximum number of requests the enricher can make per second. |
| Monthly execution cap (runs) | 100000 by default. Sets the maximum number of times an enricher can run per month. |
| Current month count | Displays the number of times the enricher has run for the current calendar month. |
| Override TLP | Not set by default. Leave empty to use the TLP colors provided by the data source. Set a TLP color here to override the TLP colors for objects created by this enricher. |
| Observable types | Default is different for each enricher. One or more observable types the enricher is enabled for. |
| Parameters | Set per enricher. See List of enrichers for specific instructions per enricher. |
| Source reliability | Not set by default. Set the default Admiralty Code reliability value for the objects created by this enricher. Example: B - Usually reliable |
| State | Displays the state of the enricher. Select to see more information. When the state value returns FAILURE, click the link to view the task execution traceback and to begin troubleshooting. To view traceback content, users need the read traceback-logs permission. |
| Enrichment rules | Displays the enrichment rules that apply to this enricher. Select an enrichment rule to view it. |
| Enrichments | Shows a summary of enrichment executions performed within the last 7 days. |