Metron supports the following list of Sensors and formats
| Sensor Name | External Reference Material | Sensor Description | Native Sensor Format | Supported Versions | Metron Capture Architecture |
|---|---|---|---|---|---|
| Data Plane Development Kit (DPDK) Probe | http://dpdk.org/ | A high speed packet capture probe designed especially for use with the latest Packet Capture (PCAP) service of Metron. This sensor is designed to capture raw packets off the wire at a very high rate of speed. The telemetry that this sensor produces is the highest throughput telemetry in Metron. While the probe is not tightly coupled to the PCAP service, using both together for PCAP retrieval is highly recommended. | Raw Network Packets | DPDK 2.2.0 and above PCAP Service 2.x and above | Metron Packet Capture Probe Design |
| Bro IDS | https://www.bro.org/ | Used as a Deep Packet Inspection (DPI) sensor, primarily for HTTP and DNS data for Metron. In order to integrate Bro with Metron we require a Bro plug-in to be installed. The Bro plugin can be found here: https://github.com/apache/incubator-metron/tree/master/bro-plugin-kafka | Metron-Bro JSON | Bro 2.4.1 and above Bro plug-in 0.1 and above | Metron Bro Capture Design |
| Yet Another Flowmeter (YAF) | https://tools.netsa.cert.org/yaf/ | Processes packet data from PCAP into bidirectional flows | IPFIX (Netflow) | 2.8.1 and above | Metron YAF Capture Design |
| Snort | https://www.snort.org/ | Network-based intrusion detection system (NIDS) has the ability to perform real-time traffic analysis | 2.9.8.0 and above | Snort Capture Design | |
| More to come.... |