Just starting with Metron and have a few queries

New Contributor

Hi All,

I am pretty much a novice with Metron and am just starting with it. However, I am very well versed with the ELK stack and have played a lot with ELK-based SIEMs. I have a few queries regarding Metron:

  1. Are there parsers readily available for network devices like Palo Alto, Cisco, CheckPoint, Fortinet, routers, etc.?
  2. It's because I guess Logstash does not work with Metron [I may be wrong].
  3. Where can I get a sizing guide for, say, a 500-user organization?
  4. Is there any SOAR capability available with Metron, as well as open-source ML capability?

TIA

Blason R


Re: Just starting with Metron and have few queries

New Contributor

Hi team,

Any clue on parsers? Can someone please update?


Re: Just starting with Metron and have few queries

@Blason R

Yes... some parsers (Palo Alto, Sourcefire, FireEye, etc.) are readily available in Metron.

You can view the list of readily available parsers from Metron Management UI >> Create Sensor >> Parser Type.

The CSV parser can be used with any comma-separated logs, and the Grok parser can be used with any log by writing custom grok patterns.

Also, you can create a custom Java parser for better performance and customization (deploy the custom parser jar file to "METRON_HOME/parser_contrib" and restart Metron REST; then you will be able to see that custom parser in the list in the Metron Management UI).

Refer to this link for more about this:

https://github.com/apache/metron/tree/master/metron-platform/metron-parsers
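To show what "writing custom grok patterns" for a device log actually produces, here is an added example that is not part of the reply above and not Metron's own code: Metron's Grok parser is Java and uses the java-grok library, while this Python stand-in implements only the `%{NAME:field}` expansion idea so the pattern-to-fields step can be run offline. The firewall log line, the base patterns, the field names (`ip_src_addr`, `ip_dst_addr`, `ip_dst_port`, `protocol`) and the requirement that every parsed message carry `timestamp` (epoch milliseconds) and `original_string` are constructed for this example and assumed to mirror Metron's conventions; check them against the linked parser documentation before relying on them.

```python
import json
import re
from datetime import datetime, timezone

# Constructed subset of base patterns, in the spirit of grok's built-in library.
BASE_PATTERNS = {
    "INT": r"[+-]?\d+",
    "WORD": r"\w+",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "SYSLOGTIMESTAMP": r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}",
    "HOSTNAME": r"[\w.-]+",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
}

# Matches %{NAME} or %{NAME:field} references inside a grok pattern.
_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def compile_grok(pattern, library=BASE_PATTERNS):
    """Expand grok references into a regex with named capture groups."""
    def expand(p):
        def sub(m):
            name, field = m.group(1), m.group(2)
            body = expand(library[name])  # recursion lets patterns nest
            return f"(?P<{field}>{body})" if field else f"(?:{body})"
        return _REF.sub(sub, p)
    return re.compile(expand(pattern))


# Constructed pattern for a hypothetical firewall's syslog line.
FIREWALL_PATTERN = (
    r"^%{SYSLOGTIMESTAMP:syslog_ts} %{HOSTNAME:device} %{WORD:action} "
    r"src=%{IP:ip_src_addr} dst=%{IP:ip_dst_addr} "
    r"proto=%{WORD:protocol} dport=%{INT:ip_dst_port}$"
)
_COMPILED = compile_grok(FIREWALL_PATTERN)

# Constructed sample line (RFC 5737 documentation address as the destination).
SAMPLE_LINE = "Jun 15 14:03:22 fw-edge01 DENY src=10.1.2.3 dst=203.0.113.9 proto=tcp dport=445"


def parse_line(raw, year=2020):
    """Turn one raw log line into a flat field dict, or None if it does not match.

    Syslog timestamps carry no year, so the caller supplies one (assumption:
    a real parser would take it from configuration or the receive time).
    """
    m = _COMPILED.match(raw)
    if m is None:
        return None  # a real parser would route this to an error topic
    fields = m.groupdict()
    ts = datetime.strptime(f"{year} {fields.pop('syslog_ts')}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    fields["ip_dst_port"] = int(fields["ip_dst_port"])
    fields["timestamp"] = int(ts.timestamp() * 1000)  # epoch millis
    fields["original_string"] = raw  # keep the raw line for forensics
    return fields


def validate(message):
    """Assumed minimum contract: timestamp and original_string must be present."""
    return (message is not None
            and isinstance(message.get("timestamp"), int)
            and isinstance(message.get("original_string"), str))


if __name__ == "__main__":
    parsed = parse_line(SAMPLE_LINE)
    print(json.dumps(parsed, indent=2))
    print("valid:", validate(parsed))
```

Running the module prints the parsed JSON for the constructed line; `parse_line` returns `None` for a line the pattern does not cover, which is the case a production parser must handle deliberately rather than silently drop.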


Re: Just starting with Metron and have few queries

New Contributor

Awesome!! Thanks for the reply.

BTW, is there any sizing guide available for Metron?
