Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. It provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics, and data enrichment, while applying the most current threat intelligence information to security telemetry.

For the latest information, please visit our website.

Metron's functionality falls into four areas:

1. A mechanism to capture, store, and normalize any type of security telemetry. Because security telemetry is constantly being generated, it requires a method for ingesting the data at high speeds and pushing it to various processing units for advanced computation and analytics.

2. Real-time processing and application of enrichments such as threat intelligence, geolocation, and DNS information to the telemetry being collected. The immediate application of this information to incoming telemetry provides the context and situational awareness an investigation needs, as well as the who and where of an event.

3. Efficient information storage based on how the information will be used:
   - Logs and telemetry are stored such that they can be efficiently mined and analyzed.
   - The ability to extract and reconstruct full packets helps an analyst answer questions such as who the true attacker was, what data was leaked, and where it was sent.
   - Long-term storage not only increases visibility over time, but also enables advanced analytics such as machine learning techniques to be used to create models of normal behavior. Incoming data can then be scored against these stored models for advanced anomaly detection.

4. An interface that gives a security investigator a centralized view of data and alerts passed through the system. It presents alert summaries with the threat intelligence and enrichment data specific to that alert. Furthermore, advanced search capabilities and full packet extraction tools are presented to the analyst for investigation without leaving the platform.

Big data is a natural fit for powerful security analytics. The Metron framework integrates a number of elements from the Hadoop ecosystem to provide a scalable platform for security analytics, incorporating such functionality as full-packet capture, stream processing, batch processing, and real-time search. With Metron, our goal is to tie big data into security analytics and drive towards an extensible centralized platform that effectively enables rapid detection and rapid response for advanced security threats.
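The normalize-then-enrich flow described above (capture and normalize heterogeneous telemetry, then apply threat intelligence and geolocation enrichments before anything is stored or alerted on) can be illustrated in a few dozen lines. The following is an added example, not Metron's own code: the sample records, the threat-intelligence indicators, the CIDR geolocation table, and the common field names (`ip_src_addr`, `ip_dst_addr`, `enrichments.geo.*`, `threatintel.hits`) are all constructed or assumed for illustration.

```python
import ipaddress
import json
import re
from urllib.parse import urlparse

# Constructed sample telemetry from two heterogeneous sources (illustrative
# records, not real captured traffic): a Squid-style proxy log line and a
# JSON firewall event.
SAMPLE_EVENTS = [
    ("squid", "1460564240.123    412 10.0.0.5 TCP_MISS/200 8042 GET "
              "http://malicious.example.net/payload - DIRECT/203.0.113.7 text/html"),
    ("json", '{"ts": 1460564250, "src": "10.0.0.8", "dst": "198.51.100.20", '
             '"dport": 443, "action": "allow"}'),
]

# Constructed threat-intelligence indicators, keyed by indicator type
# (assumption: a real deployment loads these from a feed).
THREAT_INTEL = {
    "ip": {"203.0.113.7"},
    "domain": {"malicious.example.net"},
}

# Constructed geolocation table keyed by CIDR (assumption: stands in for a
# GeoIP database).
GEO = [
    (ipaddress.ip_network("203.0.113.0/24"), {"country": "ZZ", "city": "Exampletown"}),
    (ipaddress.ip_network("198.51.100.0/24"), {"country": "YY", "city": "Testville"}),
]

# Squid native access-log layout:
# time elapsed client action/code size method url ident hierarchy/peer type
SQUID_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<src>\S+)\s+\S+\s+\d+\s+\S+\s+(?P<url>\S+)"
    r"\s+\S+\s+\S+/(?P<dst>\S+)\s+"
)


def normalize(source, raw):
    """Map a raw record onto a common schema (assumed field names) so that
    every downstream stage sees the same keys regardless of source."""
    if source == "squid":
        m = SQUID_RE.match(raw)
        if m is None:
            raise ValueError("unparseable squid line: %r" % raw)
        return {
            "timestamp": int(float(m.group("ts"))),
            "ip_src_addr": m.group("src"),
            "ip_dst_addr": m.group("dst"),
            "domain": urlparse(m.group("url")).hostname,
            "source_type": source,
        }
    if source == "json":
        d = json.loads(raw)
        return {
            "timestamp": int(d["ts"]),
            "ip_src_addr": d["src"],
            "ip_dst_addr": d["dst"],
            "ip_dst_port": d.get("dport"),
            "source_type": source,
        }
    raise ValueError("unknown source type: %s" % source)


def enrich_geo(event):
    """Attach geolocation for the destination address by first-match lookup
    over the constructed CIDR table; events outside the table stay unenriched."""
    addr = ipaddress.ip_address(event["ip_dst_addr"])
    for net, info in GEO:
        if addr in net:
            event["enrichments.geo.ip_dst_addr"] = dict(info)
            break
    return event


def enrich_threat_intel(event):
    """Match the destination IP and domain (if present) against the indicator
    sets and flag the event as an alert on any hit."""
    hits = []
    if event["ip_dst_addr"] in THREAT_INTEL["ip"]:
        hits.append(("ip", event["ip_dst_addr"]))
    if event.get("domain") in THREAT_INTEL["domain"]:
        hits.append(("domain", event["domain"]))
    event["threatintel.hits"] = hits
    event["is_alert"] = bool(hits)
    return event


def process(source, raw):
    """Run one record through normalize -> geo enrichment -> threat intel."""
    return enrich_threat_intel(enrich_geo(normalize(source, raw)))


def run_pipeline(events=SAMPLE_EVENTS):
    """Process every (source, raw) pair and return the enriched events."""
    return [process(source, raw) for source, raw in events]


if __name__ == "__main__":
    for ev in run_pipeline():
        print(json.dumps(ev))
```

The point of normalizing first is that the enrichment and matching stages are written once against the common schema rather than once per log format; a new source only needs a parser. In practice the matching stage is only as good as the indicator feeds behind it, so indicator age and source should be carried along with each hit so an analyst can judge the alert.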