The Metron architecture can be divided into the following areas:

  1. Data Collection
  2. Real-time Data Processing (Parsing, Enrichment, Alerting, Indexing, Storage, model/rule execution, etc.)
  3. Analytics
  4. Dashboards for SOC analysts


Data Collection

Coming Soon


Real-time Data Processing

Metron's real-time processing engine is powered by Storm.

The diagram below illustrates the architecture.

Analytics

Coming Soon


Dashboards for SOC Analysts

Currently, the Dashboards are implemented as a custom UI built on top of Kibana. See the screenshot below for what the Dashboard looks like.
