SoylentNews

Phoenix666 [soylentnews.org] writes:

The Apache Software Foundation (ASF) has announced Metron [theregister.co.uk], a cybersecurity applications framework for centralised monitoring and analysis of network traffic, as its newest top-level project.

Metron was born out of Cisco's OpenSoc project in 2014. OpenSoc aimed to provide a scalable security analytics tool based on the Hadoop framework. But where OpenSoc would have consumed and monitored network traffic and machine exhaust data out of data centers, Metron is a framework which can handle any kind of telemetry data.

The project was submitted to the Apache Incubator in December 2015, and its first release, Apache Metron v0.1, debuted in April 2016. As a top-level project its foundations remain in the Hadoop ecosystem, and it is built atop fellow Apache projects Storm, HBase and Kafka to handle streaming data in a real-time fashion.

Metron ingests, transforms, and normalises telemetry, including full network packet capture, and the data it takes in can be enriched with additional elements such as geographic location or asset identifiers as it streams by.

Original Submission