This course will provide a comprehensive introduction to the capabilities of Metron. The student will begin with installing Metron. After learning Metron’s domain specific languages (DSL), the Stellar Query and the Stellar Transformation Language, the student will create security telemetries, create enrichments, work with pluggable threat intelligence and understand the process of threat triage. The course will conclude with the student doing streaming enrichment and dashboarding with Kibana.
An experiential or academic understanding of the need for centralizing the use and monitoring of capabilities provided by the tools of Cybersecurity such as pcap, netflow, bro, snort, fireye, and Sourcefire. The student should understand how software services can combine security information management (SIM) and security event management (SEM). The student should have an understanding of services that provide real-time analysis of security alerts generated by applications and network hardware-based operating system and command line scrip
5 Days/Lecture & Lab
Individuals who want to understand the capabilities of Metron.