Apache Metron Overview and CodeLab: Building the Next Generation Cyber Security Analytics Platform to Find the Needle in the Haystack
Free. Register Today. Space is limited.
Apache Metron garnered the necessary votes from the Metron IPMC and Apache Incubator PMC members for its first release: Apache Metron 0.1. Join your cyber security expert organizers: George Vetticaden, Principal Product Manager of Apache Metron (Hortonworker); James Sirota, Cisco OpenSOC founding team leader and Data Scientist (Hortonworker); Jai Rao, Director, Enterprise Data Services (Capital One); and Sagar Gaikwad, Manager, Big Data CyberTech (Capital One). This session is intended for all CISOs, Security Operations Center (SOC) professionals, and software developers who are interested in contributing to the Apache Metron community and to the areas that interest them. The focus of this meeting is bringing peers together to accelerate innovation and reduce the time to detect and respond to an Advanced Persistent Threat.
The meetup will be split into two sessions. There will be an overview of Apache Metron followed by a Code Lab. The first session will cover challenges with traditional cyber applications, an introduction to Apache Metron, and new features and enhancements in Metron 0.1.
During the second session, the Code Lab, the meetup leaders will walk through setting up an IDE with the Metron codebase, installing Metron on a single dev VM, and adding new telemetry data sources to the platform.
Agenda for Overview of Apache Metron (5:30-6:30)
Speakers: George Vetticaden, Jai Rao, and Sagar Gaikwad
• Challenges with Today’s Security Tools to Combat Cyber Attacks
• Introduction to Apache Metron
• The User Personas for Apache Metron
• Why Apache Metron?
• Data Scientist Perspective
• SOC Analyst/Investigator Perspective
• Metron Deep Dive – Tracing a telemetry event as it flows through the platform
Agenda for CodeLab (6:30 to 9:00)
Workshop Leaders: James Sirota, Jai Rao, and Sagar Gaikwad
• Setup Development/IDE environment with Apache Metron code base
• Build and deploy the Metron application on a Vagrant VM on your workstation
• Add a new security telemetry data source to Metron
• Use Apache NiFi to ingest events from the new data source into Metron
• Add a new Storm topology to Metron to parse events for the new data source
• Add net-new enrichments for the new data source
• Add net-new threat intel data
• Build and deploy the updated Metron application with support for the new telemetry data source
• Walk through the Metron UI and show new events from the new data source as they flow into Metron