How to Define Elastic Search Templates for Apache Metron

When you onboard a new data source on Apache Metron and you use Elastic Search (ES) as your indexing and search engine, you need to specify and submit an ES template before the indexing topology attempts its first write to the ES cluster. The template should contain the following items: dynamic fields for possible geo enrichments of any IP address field, dynamic fields for other kinds …

Apache Metron as an Example for a Real Time Data Processing Pipeline

In my previous blog post I wrote a little bit about what Apache Metron is and How to Onboard a New Data Source in Apache Metron. Now I want to shine some light on what the ingestion pipeline architecture looks like. Since I just got started with Apache Metron myself, I hope this helps to kickstart your cyber security efforts. Rather than going too …

How to Onboard a New Data Source in Apache Metron

Introduction: Apache Metron aims to be a tool for analysts in a cyber security team, helping them define intelligent alerts, detect threats and work on them in real time. This is the first blog post in a series to ease operations and share my experiences with Apache Metron. Thus, it serves as an introduction to Metron. Technical Introduction: Apache Metron is a cyber security platform making heavy …