The Metron architecture can be divided into the following areas:

  1. Data Collection
  2. Real-time Data Processing (Parsing, Enrichment, Alerting, Indexing, Storage, model/rule execution, etc.)
  3. Analytics
  4. Dashboards for SOC analysts


Data Collection

Coming Soon


Real-time Data Processing

Metron's Real-time processing engine is powered by Storm.

The diagram below illustrates the architecture.


Coming Soon


Dashboards for SOC Analysts

Currently, the Dashboards are implemented as a custom UI built on top of Kibana. See the screenshot below of what the Dashboard looks like.

