While we can use Ambari managed HDP cluster with Metron (link here), but Ambari is simply managing the cluster. If you want to manage Elastic search through Ambari, you can use the following "unsupported" ambari elastic search service to manage Elastic Search from ambari.
But you are not going to be looking into your Metron data through Ambari. That will be either querying elastic Search (assume Kibana dashboard) or query HBase/HDFS where Metron stores data. Supported Metron data stores.
I'd recommend against using the Symantec service defination. Metron actually has an Ambari Management pack that will install service definitions for Elasticsearch, Kibana, and Metron.
You can find it here. The README has installation details. Please let me know if there's anything confusing there.