The Metron architecture can be divided into the following areas:
- Data Collection
- Real-time Data Processing (Parsing, Enrichment, Alerting, Indexing, Storage, model/rule execution, etc.)
- Analytics
- Dashboards for SOC analysts
Data Collection
Coming Soon
Real-time Data Processing
Metron's Real-time processing engine is powered by Storm.
The diagram below illustrates the architecture.
Analytics
Coming Soon
Dashboards for SOC Analysts
Currently, the Dashboards are implemented as a custom UI built on top of Kibana. See the screenshot below for what the Dashboard looks like.