Baban Gaigole, profile picture
Uploaded byBaban Gaigole
2,114 views

Apache metron - An Introduction

Apache Metron is a cyber security application framework designed for organizations to ingest, process, and store diverse security data feeds in real-time for anomaly detection. It features advanced analytics capabilities, including data enrichment, full-packet capture, and a user-friendly interface for monitoring network traffic and machine logs. Key advantages include real-time alerting and the ability to automate the detection of up to 90% of malicious activities, thereby reducing the need for human intervention.

Embed presentation

Locuz Enterprise Solutions Ltd. All rights reserved. Converge to the Cloud Introduction to APACHE METRON Author: Baban Gaigole
2 INTRODUCTION Apache Metron also provides a scalable advanced security analytics framework which is built with Hadoop Community. Apache Metron is a cyber security application framework that provides organizations the ability to ingest, process and store diverse security data feeds in order to detect cyber anomalies and enable organizations to rapidly respond to them. Apache Metron is specifically designed to monitor network traffic and machine logs within an organization by continuously consuming live flowing data from a myriad of “data in motion” sources.
3 HISTORY
4 FEATURES Ability to capture, store and normalize any type of security telemetry data. Real-time processing. Data enrichment like threat intelligence, geolocation and DNS info. Serves as an efficient information storage Provides a user-friendly interface with a centralized view of data and alerts passed through the system. Provides a scalable platform for security analytics and functionalities like full-packet capture, stream processing, batch processing, real- time search and telemetry aggregation.
5 ARCHITECTURE
6 COMPONENTS METRON MODULES Various Metron modules perform below main activities: Normalize telemetry data from native sensor format to Metron JSON. Stream network packets into HDFS for use with PCAP service. Enrich Metron JSON messages, cross-referencing them against threat intelligent stores and fire alerts. Starts service for running analytics, filter PCAP files put there by PCAP. Using sensors to feed Metron dashboards and analytics. Bulk loading of enrichments and threat intelligent stores. Metron UI Automating Metron deployments.
7 DOMAIN SPECIFIC LANGUAGES Stellar transformation language Stellar query language
8 WORK FLOW 1. Ingest data using sensor probes PCAP Bro Snort File HTTP Syslog Sensor / Probes Kafka Topic PCAP Topic Bro Topic Snort Topic Syslog Topic Squid
9 2. Parse / normalize the partitioned telemetry data KAFKA Topic PCAP Topic Bro Topic Snort Topic Syslog Topic Squid Topology PCAP Topology Bro Topology Snort Topology Syslog Topology Squid
10 3. Enrich normalized telemetry data KAFKA Topic PCAP Topic Bro Topic Snort Topic Syslog Topic Squid Topology PCAP Topology Bro Topology Snort Topology Syslog Topology Squid Topic Enrichment
11 KAFKA Topic PCAP Topic Bro Topic Snort Topic Syslog Topic Squid Topology PCAP Topology Bro Topology Snort Topology Syslog Topology Squid Topic Enrichment Threat Intelligent Topology 4. Label enriched telemetry data
12 Topology PCAP Topology Bro Topology Snort Topology Syslog Topology Squid Threat Intelligent Topology HDF S
13 5. Alert, persist and index labeled telemetry data In case there are alerts initiated, then those events are stored in alert index store like Elasticsearch or Solr. The telemetry events can be stored in storages like HDFS or Hbase.
14 INSTALLATION Apache Metron can be downloaded from http://metron.incubator.apache.org/. Apache Metron is still under development and recently released Metron_0.2.0BETA_rc3 and available at GitHub in tarball format.
15 INSTALLATION METHODS There are three different ways to install Apache Metron: 1. Dev VM Install 2. Cloud Install 3. Metron Installation on an Ambari-Managed Cluster
16 ADVANTAGES The most significant advantage of Apache Metron is the real-time cross- referencing of these threat feeds against telemetry data that is being streamed into the system in order to send an alert instantaneously. After detecting the threat application immediately filters out the specific traffic associated with the malicious data. The data is tagged and can be assigned to junior analysts in SOC to review and take necessary action. As a result, 90% of malicious activity can be now automatically detected for SOC reducing human effort and intervention.
17 Thank You!!!

More Related Content

PDF
Alphorm.com Formation Logpoint SIEM: Le guide complet
byAlphorm
 
PPTX
Nmap basics
byn|u - The Open Security Community
 
PDF
No Easy Breach DerbyCon 2016
byMatthew Dunwoody
 
PPTX
Metasploit framwork
byDeepanshu Gajbhiye
 
PPTX
Metasploit (Module-1) - Getting Started With Metasploit
byAnurag Srivastava
 
PPTX
Microservices With Istio Service Mesh
byNatanael Fonseca
 
PPTX
Effective Threat Hunting with Tactical Threat Intelligence
byDhruv Majumdar
 
PPTX
Microservices in the Apache Kafka Ecosystem
byconfluent
 
Alphorm.com Formation Logpoint SIEM: Le guide complet
byAlphorm
 
Nmap basics
byn|u - The Open Security Community
 
No Easy Breach DerbyCon 2016
byMatthew Dunwoody
 
Metasploit framwork
byDeepanshu Gajbhiye
 
Metasploit (Module-1) - Getting Started With Metasploit
byAnurag Srivastava
 
Microservices With Istio Service Mesh
byNatanael Fonseca
 
Effective Threat Hunting with Tactical Threat Intelligence
byDhruv Majumdar
 
Microservices in the Apache Kafka Ecosystem
byconfluent
 

What's hot

PDF
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
PPTX
NMap
byPritesh Raka
 
PPTX
kali linux Presentaion
byDev Gandhi
 
PPTX
Malware Classification and Analysis
byPrashant Chopra
 
PDF
Palo alto-review
byRayan Darine
 
PDF
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
byssuser7b150d
 
PPTX
Metasploit
byInstitute of Information Security (IIS)
 
PDF
Apache Kafka - Martin Podval
byMartin Podval
 
PDF
Alexei Vladishev - Zabbix - Monitoring Solution for Everyone
byZabbix
 
PDF
Super Easy Memory Forensics
byIIJ
 
PDF
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
PDF
CISSP 8 Domains.pdf
bydotco
 
PDF
Hunting for Credentials Dumping in Windows Environment
byTeymur Kheirkhabarov
 
PDF
Threat Hunting
bySplunk
 
PDF
Understanding the Event Log
bychuckbt
 
PDF
Nmap basics
byitmind4u
 
PPTX
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
PDF
Kubernetes Networking
byCJ Cullen
 
PPT
Nagios
byguest7e7e305
 
PDF
Apache Kafka Architecture & Fundamentals Explained
byconfluent
 
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
NMap
byPritesh Raka
 
kali linux Presentaion
byDev Gandhi
 
Malware Classification and Analysis
byPrashant Chopra
 
Palo alto-review
byRayan Darine
 
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
byssuser7b150d
 
Metasploit
byInstitute of Information Security (IIS)
 
Apache Kafka - Martin Podval
byMartin Podval
 
Alexei Vladishev - Zabbix - Monitoring Solution for Everyone
byZabbix
 
Super Easy Memory Forensics
byIIJ
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
CISSP 8 Domains.pdf
bydotco
 
Hunting for Credentials Dumping in Windows Environment
byTeymur Kheirkhabarov
 
Threat Hunting
bySplunk
 
Understanding the Event Log
bychuckbt
 
Nmap basics
byitmind4u
 
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
Kubernetes Networking
byCJ Cullen
 
Nagios
byguest7e7e305
 
Apache Kafka Architecture & Fundamentals Explained
byconfluent
 

Viewers also liked

PPTX
Apache Metron: Community Driven Cyber Security
byDataWorks Summit/Hadoop Summit
 
PPTX
Apache Metron Meetup May 4, 2016 - Big data cybersecurity
byHortonworks
 
PPTX
Apache Spot
byAustin Leahy
 
PPTX
Apache metron meetup presentation at capital one
bygvetticaden
 
PPTX
Tracing your security telemetry with Apache Metron
byDataWorks Summit/Hadoop Summit
 
PPTX
2016 Cybersecurity Analytics State of the Union
byCloudera, Inc.
 
PPTX
Security From The Big Data and Analytics Perspective
byAll Things Open
 
PDF
Fighting cybersecurity threats with Apache Spot
bymarkgrover
 
PPTX
Providence Future of Data Meetup - Apache Metron Open Source Cybersecurity Pl...
byCarolyn Duby
 
PPTX
Cisco OpenSOC
byJames Sirota
 
PDF
War on stealth cyber attacks phishing docusign apache metron
bygvetticaden
 
PPTX
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
byCloudera, Inc.
 
PPTX
Real-Time Data Flows with Apache NiFi
byManish Gupta
 
PPTX
Apache NiFi- MiNiFi meetup Slides
byIsheeta Sanghi
 
PDF
Apache Milagro Presentation at ApacheCon Europe 2016
byBrian Spector
 
PDF
Manage Hadoop Cluster with Ambari
byTeK Charnsilp Chinprasert
 
PDF
유전 알고리즘으로 패킷 필터링 규칙 만들기
byHyunwoo Kim
 
PDF
Apache NiFi 1.0 in Nutshell
byKoji Kawamura
 
PDF
Open Security Operations Center - OpenSOC
bySheetal Dolas
 
PDF
Apache Kafka DC Meetup: Replicating DB Binary Logs to Kafka
byMark Bittmann
 
Apache Metron: Community Driven Cyber Security
byDataWorks Summit/Hadoop Summit
 
Apache Metron Meetup May 4, 2016 - Big data cybersecurity
byHortonworks
 
Apache Spot
byAustin Leahy
 
Apache metron meetup presentation at capital one
bygvetticaden
 
Tracing your security telemetry with Apache Metron
byDataWorks Summit/Hadoop Summit
 
2016 Cybersecurity Analytics State of the Union
byCloudera, Inc.
 
Security From The Big Data and Analytics Perspective
byAll Things Open
 
Fighting cybersecurity threats with Apache Spot
bymarkgrover
 
Providence Future of Data Meetup - Apache Metron Open Source Cybersecurity Pl...
byCarolyn Duby
 
Cisco OpenSOC
byJames Sirota
 
War on stealth cyber attacks phishing docusign apache metron
bygvetticaden
 
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
byCloudera, Inc.
 
Real-Time Data Flows with Apache NiFi
byManish Gupta
 
Apache NiFi- MiNiFi meetup Slides
byIsheeta Sanghi
 
Apache Milagro Presentation at ApacheCon Europe 2016
byBrian Spector
 
Manage Hadoop Cluster with Ambari
byTeK Charnsilp Chinprasert
 
유전 알고리즘으로 패킷 필터링 규칙 만들기
byHyunwoo Kim
 
Apache NiFi 1.0 in Nutshell
byKoji Kawamura
 
Open Security Operations Center - OpenSOC
bySheetal Dolas
 
Apache Kafka DC Meetup: Replicating DB Binary Logs to Kafka
byMark Bittmann
 

Similar to Apache metron - An Introduction

PDF
Cybersecurity with Apache Metron and Apache Solr - Ward Bekker, Hortonworks &...
byLucidworks
 
PDF
Bringing it All Together: Apache Metron (Incubating) as a Case Study of a Mod...
byDataWorks Summit
 
PDF
Apache Metron in the Real World
byDataWorks Summit
 
PDF
Apache Metron in the Real World
byDave Russell
 
PPTX
How T-Mobile Tamed Metron
byDataWorks Summit
 
PPTX
An Introduction to Prometheus (GrafanaCon 2016)
byBrian Brazil
 
PPTX
Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...
byBrian Brazil
 
PPTX
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
byKevin Mao
 
PDF
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
byPriyanka Aash
 
PDF
Deep into Prometheus
byZaar Hai
 
PPTX
Data data everywhere
byMetron
 
PDF
Apache Metron - Profiler
byNick Allen
 
PDF
Intro to open source observability with grafana, prometheus, loki, and tempo(...
byLibbySchulze
 
PPTX
Scalable and adaptable typosquatting detection in Apache Metron
byDataWorks Summit
 
PPTX
Hot to build continuously processing for 24/7 real-time data streaming platform?
byGetInData
 
PDF
Using JavaScript to Put the "Internet" in IoT
byKevin Swiber
 
PPTX
Challenges of monitoring distributed systems
byNenad Bozic
 
PDF
Solving Cybersecurity at Scale
byDataWorks Summit
 
PDF
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
byhackersuli
 
PPTX
Apply big data and data lake for processing security data collections
byGregory Shlyuger
 
Cybersecurity with Apache Metron and Apache Solr - Ward Bekker, Hortonworks &...
byLucidworks
 
Bringing it All Together: Apache Metron (Incubating) as a Case Study of a Mod...
byDataWorks Summit
 
Apache Metron in the Real World
byDataWorks Summit
 
Apache Metron in the Real World
byDave Russell
 
How T-Mobile Tamed Metron
byDataWorks Summit
 
An Introduction to Prometheus (GrafanaCon 2016)
byBrian Brazil
 
Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...
byBrian Brazil
 
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
byKevin Mao
 
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
byPriyanka Aash
 
Deep into Prometheus
byZaar Hai
 
Data data everywhere
byMetron
 
Apache Metron - Profiler
byNick Allen
 
Intro to open source observability with grafana, prometheus, loki, and tempo(...
byLibbySchulze
 
Scalable and adaptable typosquatting detection in Apache Metron
byDataWorks Summit
 
Hot to build continuously processing for 24/7 real-time data streaming platform?
byGetInData
 
Using JavaScript to Put the "Internet" in IoT
byKevin Swiber
 
Challenges of monitoring distributed systems
byNenad Bozic
 
Solving Cybersecurity at Scale
byDataWorks Summit
 
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
byhackersuli
 
Apply big data and data lake for processing security data collections
byGregory Shlyuger
 

Recently uploaded

PDF
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
PPTX
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
PDF
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
PDF
January Patch Tuesday
byIvanti
 
PDF
Zniber Partners. Audience Foresight for Confident Decisions
bySamuel Zniber
 
PPTX
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
PPTX
Accelerate Innovation with Engineering R&D Services
byChetu
 
PDF
2025-CB-NCAE-slide-deck.pptx-1-83.pdf Virtual Orientation on the Administrati...
byNelizabethEsplaguera1
 
PDF
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PPTX
Becoming Frontier for Dynamics 365 Finance PPT
byjonbravetti
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PDF
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 
PPTX
A CIO’s Guide to Salesforce AI Architecture, Governance, and Implementation R...
byKerry Millar
 
PDF
Laravel Up Running, 3rd Edition A Framework for Building Modern PHP Apps (Mat...
byNEXACORE
 
PPTX
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
PDF
Implementing A Data Lakehouse Using Iceberg & Spark
byAnass Nabil
 
PDF
Philippine Agricultural Engineering Standard_Hand Tractor .pdf
by6xfrnmdp4b
 
PDF
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
January Patch Tuesday
byIvanti
 
Zniber Partners. Audience Foresight for Confident Decisions
bySamuel Zniber
 
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
Accelerate Innovation with Engineering R&D Services
byChetu
 
2025-CB-NCAE-slide-deck.pptx-1-83.pdf Virtual Orientation on the Administrati...
byNelizabethEsplaguera1
 
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
Becoming Frontier for Dynamics 365 Finance PPT
byjonbravetti
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 
A CIO’s Guide to Salesforce AI Architecture, Governance, and Implementation R...
byKerry Millar
 
Laravel Up Running, 3rd Edition A Framework for Building Modern PHP Apps (Mat...
byNEXACORE
 
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
Implementing A Data Lakehouse Using Iceberg & Spark
byAnass Nabil
 
Philippine Agricultural Engineering Standard_Hand Tractor .pdf
by6xfrnmdp4b
 
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 

Apache metron - An Introduction

  • 1.
    Locuz Enterprise SolutionsLtd. All rights reserved. Converge to the Cloud Introduction to APACHE METRON Author: Baban Gaigole
  • 2.
    2 INTRODUCTION Apache Metron alsoprovides a scalable advanced security analytics framework which is built with Hadoop Community. Apache Metron is a cyber security application framework that provides organizations the ability to ingest, process and store diverse security data feeds in order to detect cyber anomalies and enable organizations to rapidly respond to them. Apache Metron is specifically designed to monitor network traffic and machine logs within an organization by continuously consuming live flowing data from a myriad of “data in motion” sources.
  • 3.
  • 4.
    4 FEATURES Ability to capture,store and normalize any type of security telemetry data. Real-time processing. Data enrichment like threat intelligence, geolocation and DNS info. Serves as an efficient information storage Provides a user-friendly interface with a centralized view of data and alerts passed through the system. Provides a scalable platform for security analytics and functionalities like full-packet capture, stream processing, batch processing, real- time search and telemetry aggregation.
  • 5.
  • 6.
    6 COMPONENTS METRON MODULES Various Metronmodules perform below main activities: Normalize telemetry data from native sensor format to Metron JSON. Stream network packets into HDFS for use with PCAP service. Enrich Metron JSON messages, cross-referencing them against threat intelligent stores and fire alerts. Starts service for running analytics, filter PCAP files put there by PCAP. Using sensors to feed Metron dashboards and analytics. Bulk loading of enrichments and threat intelligent stores. Metron UI Automating Metron deployments.
  • 7.
    7 DOMAIN SPECIFIC LANGUAGES Stellartransformation language Stellar query language
  • 8.
    8 WORK FLOW 1. Ingestdata using sensor probes PCAP Bro Snort File HTTP Syslog Sensor / Probes Kafka Topic PCAP Topic Bro Topic Snort Topic Syslog Topic Squid
  • 9.
    9 2. Parse /normalize the partitioned telemetry data KAFKA Topic PCAP Topic Bro Topic Snort Topic Syslog Topic Squid Topology PCAP Topology Bro Topology Snort Topology Syslog Topology Squid
  • 10.
    10 3. Enrich normalizedtelemetry data KAFKA Topic PCAP Topic Bro Topic Snort Topic Syslog Topic Squid Topology PCAP Topology Bro Topology Snort Topology Syslog Topology Squid Topic Enrichment
  • 11.
    11 KAFKA Topic PCAP Topic Bro TopicSnort Topic Syslog Topic Squid Topology PCAP Topology Bro Topology Snort Topology Syslog Topology Squid Topic Enrichment Threat Intelligent Topology 4. Label enriched telemetry data
  • 12.
  • 13.
    13 5. Alert, persistand index labeled telemetry data In case there are alerts initiated, then those events are stored in alert index store like Elasticsearch or Solr. The telemetry events can be stored in storages like HDFS or Hbase.
  • 14.
    14 INSTALLATION Apache Metron canbe downloaded from http://metron.incubator.apache.org/. Apache Metron is still under development and recently released Metron_0.2.0BETA_rc3 and available at GitHub in tarball format.
  • 15.
    15 INSTALLATION METHODS There arethree different ways to install Apache Metron: 1. Dev VM Install 2. Cloud Install 3. Metron Installation on an Ambari-Managed Cluster
  • 16.
    16 ADVANTAGES The most significantadvantage of Apache Metron is the real-time cross- referencing of these threat feeds against telemetry data that is being streamed into the system in order to send an alert instantaneously. After detecting the threat application immediately filters out the specific traffic associated with the malicious data. The data is tagged and can be assigned to junior analysts in SOC to review and take necessary action. As a result, 90% of malicious activity can be now automatically detected for SOC reducing human effort and intervention.
  • 17.