Apache Metron: Community Driven Cyber Security
DataWorks Summit/Hadoop Summit
1.
Apache Metron: Community Driven Cyber Security
Ned Shawa & Laurence Da Luz
Hadoop Summit Melbourne - 2016
2.
2 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
• Apache Metron Introduction
• User Personas & Key Functional Themes
• Capabilities and Architecture
• Building a Use Case in Metron
• Questions
3.
Apache Metron Introduction
4.
Apache Metron Vision
“Apache Metron is a Security Data Analytics Platform (SDAP). As a next generation security analytics framework, it is designed to consume and monitor network traffic and machine data within an enterprise environment. Apache Metron is extensible and is designed to work at a massive scale. It is not a SIEM but rather the next evolution of a SIEM.”
5.
Cyber Security – Today’s Enterprise Threat
• Organizations have recently become targets of complex cyber security breaches that could have been easily prevented
• Cyber attacks continuously become more advanced and go undetected using traditional IT security policies and procedures
• Cyber security attacks have increased in visibility and targeted organizations with millions of customers – costing millions in privacy damages
• Recent cyber security attacks have been led by highly skilled technical organizations where the attack could have been prevented by known solutions
• 62% – Increase in Cyber Security Breaches since 2013
• 8 months – Average time an advanced security breach goes unnoticed
• 3 Trillion – Total cost of Cyber Security breaches
• 1 in 3 – Security professionals are not familiar with cyber security threats
2014 ISACA
6.
Apache Metron – Community Driven Cyber Security
• Security Data Lake: Enriched 360 Correlated Searchable Discoverable
• Threat Intelligence: 3rd Party Feeds, Static Rules, ML Models, IOC Sharing
• Pluggable Framework: Parsers, Enrichers, Threat Intel, UI Widgets
• Security Application: PCAP Replay, Evidence Store, Hunting Platform
Hortonworks and the Apache Metron Community are focused on delivering the next generation cyber security platform to enable organizations to enrich and analyze all data within their enterprise
7.
Apache Metron – How We Got Here
8.
Apache Metron – Who’s Involved
9.
Apache Metron – Capabilities Overview
[Diagram labels: Telemetry Data Collectors / Other; Performant Network Ingest Probes; Real-Time Enrich / Threat Intel Streams; Telemetry Ingest Buffer; Telemetry Parsers; Enrichment; Threat Intel; Alert Triage; Indexers & Writers; Real-Time Processing Security Engine; Data Services & Integration Layer; Real-Time Security Stream Processing Pipeline]
10.
User Personas & Functional Themes
11.
Metron User Personas
12.
Metron’s Key Functional Themes
• Platform: Work done to harden the platform for performance, scale, extensibility and maintainability. This also includes capabilities around provisioning, managing and monitoring the application.
• Data Collection: Set of Data Sources that Metron provides capabilities to stream, ingest and parse into the platform.
• Data Processing: A set of Storm Topologies to perform various actions in real-time including: normalization of telemetry data, enrichment, cross reference with threat intel feeds, alerting, indexing, and persisting into Historical stores
• Data/Integration Services
• Portals/UI: Set of portal, dashboard and user interfaces for the different personas.
13.
Apache Metron Logical Architecture
[Diagram, by layer:]
• Source Systems: Network Traffic, SSH, System Log, HTTP(S), File System, email
• Data Collection: Flume, PCAP, NiFi (NiFi processors)
• Message Queue: Kafka (PCAP Topic, Email Topic, SSH Topic, SysLog Topic, HTTP Topic, DPI Topic)
• Stream Process and Enrichment: Storm & Spark (PCAP Topology, Email Topology, SSH Topology, SysLog Topology, HTTP Topology, DPI Topology)
• Data Access: Hive, Solr, HBase; Raw Data (Historical), Data Index, PCAP Data
Ability to ingest and process over 1.2 million events per second
14.
Capabilities and Architecture
Apache Metron 0.2
15.
Metron 0.2 Streaming and Enrichment
16.
Metron 0.2 Data Ingestion Architecture
17.
Metron 0.2 Parsing / Normalization Topology
Key Points:
• Each New Telemetry Data Source will have its own Parser Topology
• Two types of Parsers available in TP2: Grok and Java
18.
Metron 0.2 Parser Types
Metron parser:
– Input: Read native format data from Kafka topic
– Output: Normalized Metron JSON Object
Grok Parser
– Suitable for structured or semi-structured logs
– Regex-like syntax with pre-defined mappings (less effort to implement)
– Good for lower volumes of data
Java Parser
– Requires custom code (more effort to implement)
– Good for higher volumes of data
19.
Metron 0.2 Enrichment Topology
20.
Metron 0.2 Enrichment Topology
Enrich
– Add additional information to raw source during streaming
– In-built Geo enrichment (IP to coordinates + City/State/Country)
Streaming
– Allows ML models to score in real-time instead of batch
Threat Intel
– Flag alerts against intel feed & determine triage
21.
Stellar Framework
What is it?
– Powerful framework that provides a custom DSL that is used across different Metron components for querying, transformation and configuring rules.
Why do we need it?
– For a variety of components we need to determine whether a condition is true and, if so, perform some action.
– For those purposes, this framework provides the DSL to create those conditions and execute a set of actions.
How is Stellar used within Metron today?
1. Filtering, transformations and validations in parser topologies
2. Threat Triage – allocating scores to certain rules based on conditions
3. PCAP CLI – Query for pcap data
22.
What does Stellar consist of?
Query Language
• Referencing fields in the enriched JSON
• Simple boolean operations: and, not, or
• Simple comparison operations: <, >, <=, >=
• Determining whether a field exists (via exists)
• The ability to use parentheses to make order of operations explicit
• A fixed set of functions which take strings and return a boolean, including:
– IN_SUBNET, IS_EMPTY, STARTS_WITH, ENDS_WITH, REGEXP_MATCH, IS_IP, IS_DOMAIN, IS_EMAIL, IS_URL, IS_DATE, IS_INTEGER
• E.g.: IN_SUBNET( ip, '192.168.0.0/24') or ip in [ '10.0.0.1', '10.0.0.2' ] or exists(is_local)
Transformation Language
• A fixed set of transformation functions including:
– TO_LOWER, TO_UPPER, TO_INTEGER, TO_DOUBLE, TRIM, JOIN, SPLIT, GET_FIRST, GET_LAST, GET, MAP_GET, DOMAIN_TO_TLD, DOMAIN_REMOVE_TLD, URL_TO_HOST, URL_TO_PROTOCOL, URL_TO_PORT, URL_TO_PATH, TO_EPOCH_TIMESTAMP
23.
Metron 0.2 Metron JSON Object
Numerous sensors log in different formats. The parser should normalize at least the following subset of fields to the following Metron JSON naming conventions:
24.
Metron 0.2 Metron UI with Kibana 4
25.
Building a Use Case in Metron
Squid Logs (Metron Reference App)
26.
Metron Reference Application: Squid Sensor
What is the Reference App?
– A use case that showcases the following:
1. How to add telemetry events from a new data source (Squid), covering parsing, filtering, transformation and validation
2. How to see the new events in the Metron UI
3. How to enrich the telemetry events
4. How to do threat intel cross-reference checks against events
5. How to raise alerts
6. How to persist (index, long term storage) the events
Why do we need it?
– Similar to the famous Java Pet Store app, it provides an app that is constantly updated to showcase new features.
What are the updates to the Metron Reference App with TP2?
– Using Stellar framework to filter, transform and validate events
– How to work with the new Metron UI to display new events
– Using Stellar framework to do threat triage
– Streaming enrichments
How do you consume it?
https://cwiki.apache.org/confluence/display/METRON/Metron+Reference+Application
27.
Use Case Setup
• Scenario
– Customer Foo has installed Metron TP2 and they are using the out of the box data sources (PCAP, YAF/Netflow, Snort and Bro). They love Metron!
– But now they want to add a new data source to the platform: squid proxy logs.
• Customer Foo's requirements are the following:
1. Need to ingest the proxy events from Squid logs in real-time
2. The proxy logs have to be parsed into a standardized JSON structure that Metron can understand
3. In real-time, the squid proxy event needs to be enriched with domain/whois information (domain, cert, country, company)
4. In real-time, the domain of the proxy event must be checked against threat intel feeds
5. If there is a threat intel hit, an alert needs to be raised
6. The system should provide the ability to configure rules via a custom DSL to prioritize/score different types of alerts
7. The end user must be able to see the new telemetry events and the alerts from the new data source
28.
Metron 0.2 Squid Use Case
29.
Metron 0.2 Squid Use Case (Configuration Driven)
• Step 1a Create Topic
• Step 1b NiFi TailFile
• Step 2 Define Parser
• Step 3 Enrichment Config
• Step 4 Configure Alerts
• Step 5 Create Dashboard
30.
Squid & its Telemetry Event
• What is Squid?
– Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages
• What does a Squid Access Log look like?
– When you make an outbound http connection to https://www.cnn.com, the following entry is added to a file called access.log:

    1461576382.642 161 98.220.218.158 TCP_MISS/200 103701 GET http://www.cnn.com/ - DIRECT/199.27.79.73 text/html

Fields called out on the entry: Unix Epoch Time; IP of host where connection was made; Domain name of the outbound connection
31.
Squid & its Telemetry Event
• What is Squid?
– Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages
• What does a Squid Access Log look like?
– When you make an outbound http connection to https://www.cnn.com, the following entry is added to a file called access.log:

    1461576382.642 161 98.220.218.158 TCP_MISS/200 103701 GET http://www.cnn.com/ - DIRECT/199.27.79.73 text/html

Fields called out on the entry: Unix Epoch Time; IP of host where connection was made; Domain name of the outbound connection
What Metron does to the Squid telemetry in real-time:
• Convert from Unix Epoch to Timestamp
• Asset enrichment to enrich IP (hostname, type of device)
• WHOIS enrichment to look up domain name information
• Threat Intel to cross-reference IP with intel feed to see if there is a hit
• Index the event into Elastic and persist in HDFS (Security Data Vault)
32.
Step 1 Telemetry Ingest

    1461576382.642 161 98.220.218.158 TCP_MISS/200 103701 GET http://www.cnn.com/ - DIRECT/199.27.79.73 text/html

Step 1a Create Topic in Kafka

    /usr/hdp/current/kafka-broker/bin/kafka-topics.sh --zookeeper $ZOOKEEPER_HOST:2181 --create --topic squid --partitions 1 --replication-factor 1

Step 1b NiFi TailFile
• Ingest Squid logs into squid Kafka topic via NiFi
33.
Step 2 Configuring the Squid Parser
Defining the Grok Filter for the Squid data
• Grok vs Java: no custom code
• Suitable for structured or semi-structured logs
• Pre-defined mappings: TIMESTAMP_ISO8601, NUMBER, WORD, HOSTNAME, IP, USERNAME
• Regex-based
Squid Grok Filter:

    SQUID_DELIMITED %{NUMBER:timestamp}.*%{INT:elapsed} %{IP:ip_src_address} %{WORD:action}/%{NUMBER:code} %{NUMBER:bytes} %{WORD:method} %{NOTSPACE:url}.*%{IP:ip_dst_addr}

Sample input:

    1461576382.642 161 98.220.218.158 TCP_MISS/200 103701 GET http://www.cnn.com/ - DIRECT/199.27.79.73 text/html

Pre-defined Grok mappings for IP address and url are used
34.
Step 2 Configuring the Squid Parser
Squid Parser and Transform Configuration
• Configuration stored in ZooKeeper
• Configure parser and field transformations

    {
      "parserClassName": "org.apache.metron.parsers.GrokParser",
      "sensorTopic": "squid",
      "parserConfig": {
        "grokPath": "/apps/metron/patterns/squid",
        "patternLabel": "SQUID_DELIMITED",
        "timestampField": "timestamp"
      },
      "fieldTransformations": [
        {
          "transformation": "MTL",
          "output": [ "full_hostname", "domain_without_subdomains" ],
          "config": {
            "full_hostname": "URL_TO_HOST(url)",
            "domain_without_subdomains": "DOMAIN_REMOVE_SUBDOMAINS(full_hostname)"
          }
        }
      ]
    }

Parser Configurations
– sensorTopic: Kafka Topic
– grokPath: Filter Location
Field Transformations
– Stellar Transformation Language
– Create 2 additional fields by applying URL_TO_HOST and DOMAIN_REMOVE_SUBDOMAINS
Stellar Transformation Language: DOMAIN_TO_TLD(domain), DOMAIN_REMOVE_TLD(domain), URL_TO_HOST(url), URL_TO_PROTOCOL(url), …
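An added Python sketch of the Step 2 parser stage (not Metron's code and not from the slides): a plain regular expression stands in for the SQUID_DELIMITED Grok pattern, and url_to_host / domain_remove_subdomains are simplified stand-ins for the two Stellar functions. The two-entry suffix set and the denied CONNECT line are constructed; the derived field names come from the configuration above.

```python
import re
from urllib.parse import urlsplit

# Constructed input: the slide's access.log line plus a denied CONNECT with no peer IP.
SAMPLE = ("1461576382.642 161 98.220.218.158 TCP_MISS/200 103701 GET "
          "http://www.cnn.com/ - DIRECT/199.27.79.73 text/html")
DENIED = ("1461576400.100 0 98.220.218.158 TCP_DENIED/403 3800 CONNECT "
          "example.co.uk:443 - NONE/- text/html")

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Regex stand-in for SQUID_DELIMITED; group names follow the slide's field names.
SQUID_RE = re.compile(
    r"(?P<timestamp>\d+(?:\.\d+)?)\s+(?P<elapsed>\d+)\s+(?P<ip_src_address>" + IPV4 + r")\s+"
    r"(?P<action>\w+)/(?P<code>\d+)\s+(?P<bytes>\d+)\s+(?P<method>\w+)\s+"
    r"(?P<url>\S+)[^0-9]*(?P<ip_dst_addr>" + IPV4 + r")?"
)
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au"}  # constructed stand-in for a public suffix list


def url_to_host(url):
    # CONNECT requests are logged as host:port with no scheme.
    return urlsplit(url if "://" in url else "//" + url).hostname


def domain_remove_subdomains(host):
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def parse_squid(line):
    """Return the normalized event dict, or None when the line does not match."""
    m = SQUID_RE.match(line)
    if m is None:
        return None
    event = {k: v for k, v in m.groupdict().items() if v is not None}
    for field in ("elapsed", "code", "bytes"):
        event[field] = int(event[field])
    host = url_to_host(event["url"])
    if host:  # the two derived fields from the fieldTransformations block
        event["full_hostname"] = host
        event["domain_without_subdomains"] = domain_remove_subdomains(host)
    return event
```

The DENIED line shows why the destination IP has to be optional: a request the proxy refuses has no upstream peer, and a pattern that requires one would drop exactly the events an analyst wants to see.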
35.
Data Ingestion Checkpoint / Tracing an event
Raw Source Data → Metron Storm Parsing → Metron JSON Object
• Numerous sensor logs in different formats
• The parser normalizes a subset of fields
• Data is parsed into the Metron JSON Object

    1462366408966.966 161 127.0.0.1 TCP_MISS/200 105413 GET tp://www.cnn.com/ - DIRECT/199.27.79.73 text/html
36.
Step 3 Configure Real-time Enrichment
Enriching events with WHOIS information
• Enrichment reference data stored in HBase
• Configuration stored in ZooKeeper
• WHOIS data bulk loaded using Metron framework
• Sample WHOIS data used:

    google.com, "Google Inc.", "US", "Dns Admin",874306800000
    work.net, "", "US", "PERFECT PRIVACY, LLC",788706000000
    capitalone.com, "Capital One Services, Inc.", "US", "Domain Manager",795081600000
    cisco.com, "Cisco Technology Inc.", "US", "Info Sec",547988400000
    cnn.com, "Turner Broadcasting System, Inc.", "US", "Domain Name Manager",748695600000

Diagram labels: Enrichment Source; Enrichment Loader Framework (Bulk Load, Polling); Bulk Load or Streaming; Metron Enrichment Store (HBase/); Storm Bolt; Cache; Metron Streaming Messages; Enriched Metron Streaming Messages
37.
Step 3 Configure Real-time Enrichment
Extractor Configuration (Metron Enrichment Bulk Loader Utility)
• Map columns to enrichment data source
• Identify column to match on

    {
      "config": {
        "columns": {
          "domain": 0,
          "owner": 1,
          "home_country": 2,
          "registrar": 3,
          "domain_created_timestamp": 4
        },
        "indicator_column": "domain",
        "type": "whois",
        "separator": ","
      },
      "extractor": "CSV"
    }

Enrichment Configuration
• Configure field to enrichment type mapping

    {
      "zkQuorum": "$ZOOKEEPER_HOST:2181",
      "sensorToFieldList": {
        "squid": {
          "type": "ENRICHMENT",
          "fieldToEnrichmentTypes": {
            "domain_without_subdomains": [ "whois" ]
          }
        }
      }
    }
38.
Data Enrichment Checkpoint / Tracing an event
Metron JSON Object → Data Enrichment → Enriched Metron object
• Enrichment data is added to the Metron JSON Object
• Each event is enriched with WHOIS data based on domain mapping: Owner, Country, Registrar
39.
Step 4 Configure Threat Intel and Alerting
Alerts via Threat Intel Feeds
• Threat Intel feeds are either bulk loaded or streamed
• Similar to enrichment framework
• Mapping to flag out any matches between the Threat Feed and Streaming data
• is_alert flag=true is generated on matches
Alert severity via Defined Rules
• Metron 'Threat Triage'
• Define rules based on incoming data
• Use any field within the rules (newly enriched fields)
• Label alert severity levels based on rule conditions
Diagram labels: Threat Intel Feed Source; (Optional) Threat Intel Aggregator; Threat Intel Loader Framework (Bulk Load, Polling); Threat Intel Store (HBase); Storm Bolt; Cache; Metron Streaming Messages (Enriched); Enriched Metron Streaming Messages (Enriched) + Threat Intel Hits
Stellar Transformation Language: DOMAIN_TO_TLD(domain), DOMAIN_REMOVE_TLD(domain), URL_TO_HOST(url), URL_TO_PROTOCOL(url), …
40.
Step 4a Configure Threat Intel and Alerting
Threat Intel Feed Mapping
• Domain is mapped against this Threat Intel Feed
• Alerts generated when a match is hit
• Zeus malware tracker list used
• Feed Bulk Loaded: domain,source
• Sample threat intel data (malware_intel_feed.csv):

    039b1ee.netsolhost.com,abuse.ch
    03bbec4.netsolhost.com,abuse.ch
    0if1nl6.org,abuse.ch
    0x.x.gg,abuse.ch
    1st.technology,abuse.ch
    76tguy6hh6tgftrt7tg.su,abuse.ch
    agiftcard724.com,abuse.ch
    …

Extractor configuration (Metron Threat Intel Bulk Loader Utility)
• Identify column mappings for the threat intel feed
• Specify column to match on

    {
      "config": {
        "columns": {
          "domain": 0,
          "source": 1
        },
        "indicator_column": "domain",
        "type": "zeusList",
        "separator": ","
      },
      "extractor": "CSV"
    }

Threat intel configuration
• Configure field to threat intel mapping

    {
      "zkQuorum": "$ZOOKEEPER_HOST:2181",
      "sensorToFieldList": {
        "squid": {
          "type": "THREAT_INTEL",
          "fieldToEnrichmentTypes": {
            "domain_without_subdomains": [ "zeusList" ]
          }
        }
      }
    }

Stellar Transformation Language: DOMAIN_TO_TLD(domain), DOMAIN_REMOVE_TLD(domain), URL_TO_HOST(url), URL_TO_PROTOCOL(url), …
41.
Step 4b Alert Triage (Scoring Alerts)
Requirement for scoring a specific type of Threat Intel alert:
– Rule 1: If the alert comes from the threat intel feed called zeusList, then we want to consider that an alert with a score of 5
– Rule 2: If the url is neither a .com nor a .net, then we want to consider that an alert with a score of 10
Callouts on the triage configuration:
• Rule 1: If threat intel exists in the Zeus list. Score = 5
• Rule 2: If url is not a .com OR .net. Score = 10
• Aggregator defined for when multiple conditions are met
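An added Python model of Steps 3 to 4b (example code, not Metron's implementation): it loads reference data with the two extractor configurations from the slides, enriches an event on domain_without_subdomains, sets is_alert on a zeusList hit, and scores the alert with Rule 1 and Rule 2. Assumptions: the output key names (whois_*, triage_score) are hypothetical, the aggregator is taken to be MAX, Rule 2 is evaluated on the domain field, and the feed rows are constructed.

```python
import csv
import io

# Extractor configs as shown on the slides.
WHOIS_CFG = {"columns": {"domain": 0, "owner": 1, "home_country": 2, "registrar": 3,
                         "domain_created_timestamp": 4},
             "indicator_column": "domain", "type": "whois", "separator": ","}
ZEUS_CFG = {"columns": {"domain": 0, "source": 1},
            "indicator_column": "domain", "type": "zeusList", "separator": ","}

# Reference data: one WHOIS row from the slide, threat feed rows constructed.
WHOIS_CSV = 'cnn.com, "Turner Broadcasting System, Inc.", "US", "Domain Name Manager",748695600000\n'
ZEUS_CSV = "bad-example.com,constructed-feed\nevil-example.test,constructed-feed\n"

FIELD = "domain_without_subdomains"  # the event field both configs map to a lookup type


def load(text, cfg):
    """Build an indicator -> record lookup the way the extractor config describes."""
    reader = csv.reader(io.StringIO(text), delimiter=cfg["separator"], skipinitialspace=True)
    table = {}
    for row in reader:
        if len(row) < len(cfg["columns"]):
            continue  # skip blank or truncated lines instead of mis-mapping columns
        rec = {name: row[i].strip() for name, i in cfg["columns"].items()}
        table[rec[cfg["indicator_column"]].lower()] = rec
    return table


def process(event, whois, zeus):
    """Enrich one parsed event, flag a threat intel hit, then score the alert."""
    out = dict(event)
    key = out.get(FIELD, "").lower()
    for name, value in whois.get(key, {}).items():
        if name != WHOIS_CFG["indicator_column"]:
            out["whois_" + name] = value  # hypothetical output key names
    if key in zeus:
        out["is_alert"] = "true"
        rules = [(True, 5),                                 # Rule 1: zeusList hit
                 (not key.endswith((".com", ".net")), 10)]  # Rule 2: not .com/.net
        out["triage_score"] = max(score for hit, score in rules if hit)  # MAX assumed
    return out


WHOIS, ZEUS = load(WHOIS_CSV, WHOIS_CFG), load(ZEUS_CSV, ZEUS_CFG)
```

The quoted owner field contains the separator, so a naive split on "," would shift every later column; the CSV reader with skipinitialspace keeps "Turner Broadcasting System, Inc." in one field.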
42.
Step 5 Enhance the Metron UI
Visualize Enriched Data and Alerts (Example)
• Kibana Driven Dashboards
• List and Visualize Squid Data
Dashboard panels:
– Trend of Metron generated alerts for data categorized by the alert risk level
– Drill down into Squid data events
– List of Metron generated alerts ordered by risk level - record level drill down
43.
Metron Default Dashboard (Kibana 4)
• Displaying network data collected from the Metron probes
• In-built geo enrichment for default sensors feeds the map view
44.
Key Takeaways…
• Easy Extensibility - The ability to add a new data source easily, without writing any code!
• Repeatable Pattern - The reference application represents a repeatable pattern that you can apply to most data sources
• Configuration Driven - End to end framework to build real-time enrichment and alerting data pipelines