For my master's thesis I am looking into enterprise architecture, which I want to combine with threat intelligence sharing platforms. During my research I came across the platform HCP, and was wondering if someone could answer some questions about it for me:
1) Which information security processes (for example ISRM, ISMS) does your platform support? (If any)
2) Which import / export possibilities (including standards like TOGAF etc.) does your platform support?
3) Which data sources (external, internal, sensor data...) does your platform support?
4) Is it possible to exchange information between your platform and EA tools, or even integrate it?
5) Is your platform open source?
This would help my master's thesis a lot!
Thanks in advance!
The HCP platform is a distribution of 100% Open Source software (Apache Metron) which uses platforms including HDP and HDF underneath, which are themselves based on a variety of different open source projects. As such, there is a significant variety of underlying architectural methodologies across all the composite dependencies, which makes your other questions difficult to answer precisely.
In terms of import and export restrictions, that really doesn't have anything to do with TOGAF, which is an architecture methodology standard. I would refer you to the license agreements and export restrictions docs on that.
The data sources supported vary widely, and are highly extensible, but include things like common firewall (Palo Alto, Cisco ASA, Check Point and others), proxy (e.g. Blue Coat, Squid), VPN, RAS, NetFlow, PCAP, deep packet inspection, IDS as well as common Windows and Linux server logs over transports like syslog, and also various common SIEM formats like CEF (ArcSight) and LEEF. In addition to this, standard threat indicators in STIX format and other standard data serialization formats like CSV, JSON, XML and others are supported. We also support additional data sources through custom parsers, regex and Grok patterns, which means this list can go on and on. The key is that if the data could be relevant to a security problem, we can ingest it and parse it to make it make sense.
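As an added illustration of the ingestion the reply above describes (CEF from a SIEM, firewall syslog, Grok-style patterns, matching against threat indicators), here is a small Python normalizer that turns two differently formatted events into one JSON schema and tags the one whose destination hits an indicator. This is example code written for this thread, not Apache Metron or HCP code; the sample lines, the indicator set, the normalized field names and the iptables-style firewall line layout are all constructed assumptions.

```python
"""Normalize heterogeneous security events (CEF and syslog) into one JSON
schema and tag them against a threat-indicator set.  Added example; this is
not Apache Metron or HCP code, and the sample lines are constructed."""
import json
import re
from datetime import datetime, timezone

# Constructed sample events; the IPs are documentation ranges, not real hosts.
SAMPLE_CEF = (
    "CEF:0|Palo Alto Networks|PAN-OS|9.1|THREAT|Threat detected|8|"
    "src=10.0.0.5 dst=203.0.113.10 spt=51234 dpt=443 act=blocked "
    "msg=Suspicious outbound connection\\=test"
)
SAMPLE_SYSLOG = (
    "<134>Mar 12 14:02:33 fw01 kernel: DROP IN=eth0 OUT= "
    "SRC=192.168.1.20 DST=198.51.100.7 PROTO=TCP SPT=44022 DPT=22"
)
# Constructed stand-in for indicators that would normally be loaded from a STIX feed.
THREAT_INDICATORS = {"203.0.113.10": "constructed-indicator-c2-node"}

# Grok-style reusable fragments composed into a full line pattern.
GROK = {
    "PRI": r"<(?P<priority>\d{1,3})>",
    "TIMESTAMP": r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})",
    "HOST": r"(?P<host>\S+)",
    "IP": r"\d{1,3}(?:\.\d{1,3}){3}",
}
# Assumed iptables-style line layout; adjust the fragments for a real firewall.
SYSLOG_PATTERN = re.compile(
    GROK["PRI"] + GROK["TIMESTAMP"] + " " + GROK["HOST"] + " kernel: "
    + r"(?P<action>\w+) IN=(?P<in_if>\S*) OUT=(?P<out_if>\S*) "
    + "SRC=(?P<ip_src_addr>" + GROK["IP"] + ") DST=(?P<ip_dst_addr>" + GROK["IP"] + ") "
    + r"PROTO=(?P<protocol>\w+) SPT=(?P<ip_src_port>\d+) DPT=(?P<ip_dst_port>\d+)"
)

# CEF: "CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension".
# Pipes in the header are escaped as "\|", "=" in extension values as "\=".
_CEF_HEADER_FIELDS = ["cef_version", "device_vendor", "device_product",
                      "device_version", "signature_id", "name", "severity"]
_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")
_EXT_KV = re.compile(r"(\w+)=((?:\\.|[^\\])*?)(?=\s+\w+=|$)")
_CEF_TO_NORMALIZED = (("src", "ip_src_addr"), ("dst", "ip_dst_addr"),
                      ("spt", "ip_src_port"), ("dpt", "ip_dst_port"))


def parse_cef(line):
    """Split the seven-field header, then the key=value extension, honouring escapes."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    parts = _UNESCAPED_PIPE.split(line[len("CEF:"):], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("CEF header must have seven pipe-separated fields")
    event = dict(zip(_CEF_HEADER_FIELDS, (p.replace("\\|", "|") for p in parts[:7])))
    for key, value in _EXT_KV.findall(parts[7]):
        event[key] = value.replace("\\=", "=").replace("\\\\", "\\")
    # Rename vendor keys onto the schema shared with the other parsers.
    for cef_key, norm in _CEF_TO_NORMALIZED:
        if cef_key in event:
            event[norm] = event.pop(cef_key)
    for key in ("ip_src_port", "ip_dst_port"):
        if key in event:
            event[key] = int(event[key])
    event["source_type"] = "cef"
    event["original_string"] = line
    return event


def parse_syslog_firewall(line, year=2024):
    """Apply the Grok-style pattern; the year is assumed because BSD syslog omits it."""
    m = SYSLOG_PATTERN.match(line)
    if not m:
        raise ValueError("line does not match the firewall pattern")
    event = m.groupdict()
    # PRI = facility * 8 + severity (RFC 3164/5424).
    event["facility"], event["severity"] = divmod(int(event.pop("priority")), 8)
    ts = datetime.strptime(f"{year} {event['timestamp']}", "%Y %b %d %H:%M:%S")
    event["timestamp"] = int(ts.replace(tzinfo=timezone.utc).timestamp())
    for key in ("ip_src_port", "ip_dst_port"):
        event[key] = int(event[key])
    event["source_type"] = "firewall_syslog"
    event["original_string"] = line
    return event


def enrich(event):
    """Tag the event when its destination address matches a known indicator."""
    hit = THREAT_INDICATORS.get(event.get("ip_dst_addr"))
    event["is_alert"] = hit is not None
    if hit:
        event["threat_indicator"] = hit
    return event


def parse_event(line):
    """Route a raw line to the right parser and enrich the result."""
    parser = parse_cef if line.startswith("CEF:") else parse_syslog_firewall
    return enrich(parser(line))


def normalize(lines):
    return [parse_event(line) for line in lines]


if __name__ == "__main__":
    for ev in normalize([SAMPLE_CEF, SAMPLE_SYSLOG]):
        print(json.dumps(ev, sort_keys=True))
```

Once both sources share field names such as ip_src_addr and ip_dst_addr, the same enrichment and alerting logic applies regardless of which vendor produced the line; that shared schema, rather than any single parser, is what makes an ever-growing source list manageable.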