- Setting up the Use Case
- Adding a New Telemetry Data Source
- Enhancing Metron Dashboard
- Enriching Telemetry Events
- Profiling Your Streams
- Application of Threat Intel Feeds
- Threat Triage
- Launching Metron Topologies
- Bulk Loading Enrichments and Pruning Data
What is the Metron Reference App?
A use Case that showcases the following:
- How to add telemetry events from a new data source (Squid) which covers parsing, filtering, transforms and validates
- How to see the new Events in the Metron UI
- How to enrich the telemetry events
- How to do threat intel cross reference checks against event
- How to raise alerts
- How to persist (index, long term storage) the events
- How to setup data profiles
- How to deploy a model using Model as a Service
- How to reference a model via Triage
- How to extend Stellar functions
- How to chain Stellar enrichments
Why Do We need it?
Similar to the famous java pet store app, it provides an app that is constantly updated to showcase new features.
What are the updates to the Metron Reference App with Metron 0.3.0 release?
- Entity profiler to profile streaming data
- Stellar shell to interface with Stellar functions via a REPL
- Model as a Service for deploying models
- Chaining enrichments
- Referencing profiles and ML via Triage