Individual Sensor Enrichments
Hortonworks Cybersecurity Platform (HCP) includes three individual sensor enrichments.
HCP includes the following individual sensor enrichments:
- Geo
- 
               Provides GeoIP information, which includes coordinates, city, state, and country information, to any external IP address. 
- Asset
- 
               Provides the host name for an IP address. If the IP address is known, then the enrichment provides everything else that is known of the asset from the LDAP, AD, or enterprise inventory stores. 
- User
- 
               Provides the user that owns the session or alert associated with the IP-application pair. 
The JSON documents for the individual enrichment configurations are structured as follows:
| Field | Description | Example | 
|---|---|---|
| fieldToTypeMap | In the case of a simple HBase enrichment, you must specify the mapping between fields and the enrichment types associated with those fields. You must also specify the enrichment type for the HBase key. | "fieldToTypeMap" : { 
"ip_src_addr" : [ 
"asset_enrichment" ] } | 
| fieldMap | The map of enrichment bolts names to configuration handlers that know how to divide the message. The simplest map is just a list of fields. More complex maps consist of tellar enrichment which provides tellar statements. Each field is sent to the enrichment referenced in the key. | "fieldMap": 
{"hbaseEnrichment": 
["ip_src_addr","ip_dst_addr"]} | 
| config | The general configuration of the enrichment. | "config": 
{"typeToColumnFamily": { 
"asset_enrichment" : "cf" } } | 
The config map contains enrichment-specific configurations. For
          example, hbaseEnrichment specifies the mappings between the enrichment
          types to the column families.
fieldMap contents contain the routing and configuration
          information for the enrichments. Routing defines how the message is divided and sent to
          the enrichment adapter bolts. The simplest fieldMapcontents provides a
          simple list, such as the following
           "fieldMap": {
      "geo": [
        "ip_src_addr",
        "ip_dst_addr"
      ],
      "host": [
        "ip_src_addr",
        "ip_dst_addr"
      ],
      "hbaseEnrichment": [
        "ip_src_addr",
        "ip_dst_addr"
      ]
      }
      Based on this sample configuration, both ip_src_addr and
            ip_dst_addr go to the geo, host, and
            hbaseEnrichment adapter bolts.

