The Metron architecture can be divided into the following areas:

  1. Data Collection
  2. Real-time Data Processing (parsing, enrichment, alerting, indexing, storage, model/rule execution, etc.)
  3. Analytics
  4. Dashboards for SOC analysts


Data Collection

Coming Soon


Real-time Data Processing

Metron's real-time processing engine is powered by Storm.

The diagram below illustrates the architecture.


Coming Soon


Dashboards for SOC Analysts

Currently, the dashboards are implemented as a custom UI built on top of Kibana. See the screenshot below for what the dashboard looks like.

