Two months ago, the Metron Engineering and PM team released Technical Preview 1 of Apache Metron, based on the 0.1 release. We shared our vision for an open, community-based cybersecurity solution that provides real-time, cross-referenced and contextualized big data to combat cyber threats.
As the above diagram illustrates, Apache Metron provides a real-time security stream processing pipeline to parse, enrich, apply threat intel to, triage and store telemetry events generated by diverse classes of data sources.
Metron exposes a Telemetry Ingest Buffer as the gateway into the pipeline. Tools such as Apache NiFi can stream data into the platform through it, as can Metron's own high-performance network data collectors, which stream data such as pcap and NetFlow. Once the processing pipeline completes, Metron exposes a set of data services and integrations that power, or will power, a set of extensible modules supporting the following capabilities:
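To make the five pipeline stages above concrete, here is a small, self-contained model of them: parse a raw record, enrich it from an asset inventory, apply a threat-intel feed, compute a triage score, and emit the result as a document for storage. This is an added illustration written for this page, not Apache Metron code (Metron runs these stages as streaming topologies on a Hadoop cluster). The telemetry lines, the asset inventory, the threat-intel indicator and the triage rules are all constructed for the example, and the field names (`ip_src_addr`, `ip_dst_addr`, `ip_dst_port`) are assumed to resemble Metron's conventions rather than taken from its schema.

```python
"""Toy model of a telemetry pipeline: parse -> enrich -> threat intel -> triage -> store.
Illustrative only; every data source below is constructed for this example."""
from __future__ import annotations

import ipaddress
import json
from typing import Any

# Constructed NetFlow-like records: timestamp,src_ip,dst_ip,dst_port,bytes
RAW_EVENTS = [
    "1466000000,10.0.0.5,203.0.113.9,443,5120",
    "1466000001,198.51.100.7,10.0.0.20,22,240",
    "1466000002,10.0.0.5,192.0.2.77,4444,70000",
    "1466000003,10.0.0.8,10.0.0.9,53,90",
]

# Constructed enrichment data: which internal subnets host which asset role.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ASSET_INVENTORY = {
    ipaddress.ip_network("10.0.0.0/28"): "workstation",
    ipaddress.ip_network("10.0.0.16/28"): "server",
}

# Constructed threat-intel feed: indicator -> description (not a real indicator).
THREAT_INTEL = {"192.0.2.77": "known C2 host (constructed indicator)"}

# Triage rules: each adds a fixed score; an event alerts at or above the threshold.
SENSITIVE_PORTS = {22, 445, 3389}
ALERT_THRESHOLD = 50


def parse(line: str) -> dict[str, Any]:
    """Stage 1: turn one raw record into a normalised event (malformed input raises)."""
    ts, src, dst, port, nbytes = line.split(",")
    return {
        "timestamp": int(ts),
        "ip_src_addr": str(ipaddress.ip_address(src)),
        "ip_dst_addr": str(ipaddress.ip_address(dst)),
        "ip_dst_port": int(port),
        "bytes": int(nbytes),
    }


def asset_role(ip: str) -> str | None:
    """Look up the asset role of an address in the constructed inventory."""
    addr = ipaddress.ip_address(ip)
    return next((role for net, role in ASSET_INVENTORY.items() if addr in net), None)


def enrich(event: dict[str, Any]) -> dict[str, Any]:
    """Stage 2: add context (asset role, internal/external) for both endpoints."""
    for side in ("src", "dst"):
        addr = ipaddress.ip_address(event[f"ip_{side}_addr"])
        event[f"{side}_asset_role"] = asset_role(str(addr))
        event[f"{side}_is_internal"] = any(addr in net for net in INTERNAL_NETS)
    return event


def apply_threat_intel(event: dict[str, Any]) -> dict[str, Any]:
    """Stage 3: record every field whose value matches an indicator in the feed."""
    event["threat_intel_hits"] = [
        f"{field}:{THREAT_INTEL[event[field]]}"
        for field in ("ip_src_addr", "ip_dst_addr")
        if event[field] in THREAT_INTEL
    ]
    return event


def triage(event: dict[str, Any]) -> dict[str, Any]:
    """Stage 4: score the event with simple rules so analysts see the riskiest first."""
    score, reasons = 0, []
    if event["threat_intel_hits"]:
        score += 60
        reasons.append("threat intel match")
    if (not event["src_is_internal"] and event["dst_is_internal"]
            and event["ip_dst_port"] in SENSITIVE_PORTS):
        score += 50
        reasons.append("external access to sensitive service")
    if event["src_is_internal"] and not event["dst_is_internal"] and event["bytes"] >= 50_000:
        score += 20
        reasons.append("large outbound transfer")
    event["threat_triage_score"] = score
    event["threat_triage_reasons"] = reasons
    event["is_alert"] = score >= ALERT_THRESHOLD
    return event


def to_index_document(event: dict[str, Any]) -> str:
    """Stage 5: serialise the enriched, triaged event for the search index."""
    return json.dumps(event, sort_keys=True)


def run_pipeline(lines: list[str]) -> list[dict[str, Any]]:
    """Run every stage over each raw line and return the triaged events in order."""
    return [triage(apply_threat_intel(enrich(parse(line)))) for line in lines]


if __name__ == "__main__":
    for ev in run_pipeline(RAW_EVENTS):
        if ev["is_alert"]:
            print(to_index_document(ev))
```

In this run only the second and third constructed events cross the alert threshold: an external host reaching an internal server's SSH port, and an internal workstation sending a large transfer to the threat-intel indicator. The point of the staged design is that each stage adds fields the next one can reason over; the triage rules never have to re-derive who is internal or what the inventory says.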
Since the first tech preview was released on April 19, 2016, the Apache Metron community has been hard at work on Apache Metron Technical Preview 2 (TP2), which is based on the Apache Metron 0.2 release. Apache Metron is designed around four core functional themes to meet the specific needs of SOC personnel, and we are excited to announce today that Metron TP2 brings new functionality to address these personas. The new capabilities available through TP2 are accelerated threat triage, which alleviates the time-consuming, serial nature of threat triage today, and expanded deployment options that allow Metron to be installed anywhere, on-prem or in the cloud.
With TP2, we focused on three user personas: the SOC Analyst, the Investigator and the Security Platform Engineer. For these three personas, TP2 delivers the following capabilities across the four functional themes described above.
With support for provisioning Metron on any Ambari-managed HDP 2.4 cluster, you can now spin up Metron TP2 in two ways:
Hortonworks has created a new Community Cybersecurity Track in HCC. Metron subject matter experts are answering questions and moderating the new Track for anything related to Apache Metron and cybersecurity. When asking a question about Metron TP2, select the “CyberSecurity” Track and add the following tags: “Metron” and “tech-preview”.
See below for more details: