May the 4th Be With You: Apache Metron Intro and CodeLab CyberSecurity Analytics

Hosted By
Future of D. and 2 others
Details

Raffle at the meetup! Win an app-enabled droid, BB-8, built by robot maker Sphero! (http://blog.sphero.com/blog/introducing-bb-8/)

Pizza and Beverages

Free. Register Today. Space is limited.

Pre-reqs for the Code Lab

  1. Bring your laptop

  2. Install VirtualBox (https://www.virtualbox.org/wiki/Downloads)

  3. Install JDK 1.8 (x64) (http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html) and ensure that java is on your path (you should be able to type "java" in a terminal in any directory)

  4. Install Maven (https://maven.apache.org/download.cgi) and make sure it is on the path (you should be able to type mvn in a terminal in any directory)

  5. Install Ansible 2.0.0.2 (e.g., pip install ansible==2.0.0.2) (http://docs.ansible.com/ansible/intro_installation.html)

  6. Install the latest Vagrant (https://www.vagrantup.com/downloads.html)

  7. Have an IDE available (e.g., IntelliJ, Eclipse)

  8. Try to deploy Metron on a single-node Vagrant VM. Instructions are here (https://community.hortonworks.com/articles/24818/metron-tech-preview-1-install-instructions-on-sing.html)

  9. If you run into any issues, you have two great places to ask questions:

     • The CyberSecurity Track (https://community.hortonworks.com/spaces/111/index.html) in the Hortonworks Community Connection. When you ask the question, make sure you select the "CyberSecurity" Track and mark it with the following tags: "Metron", "tech-preview", "dc-metron-hackathon"

     • The Apache Metron dev or user mailing list. Use user@metron.incubator.apache.org for general usability questions and dev@metron.incubator.apache.org for dev questions. Note that you have to subscribe to each of these mailing lists first. See the instructions on how to subscribe in the Join the Apache Metron Community section (http://hortonworks.com/blog/apache-metron-tech-preview-1-come-get/).

Apache Metron Overview and Codelab: Building the next Generation Cyber Security Analytics Platform to Find the Needle in the Haystack

Apache Metron garnered the necessary votes from the Metron IPMC and Apache Incubator PMC members for its first release: Apache Metron 0.1. Join your cyber security expert organizers: George Vetticaden, Principal Product Manager of Apache Metron (Hortonworker); James Sirota, Cisco OpenSOC founding team leader and Data Scientist (Hortonworker); Jai Rao, Director, Enterprise Data Services (Capital One); and Sagar Gaikwad, Manager, Big Data CyberTech (Capital One). This session is intended for all: CISOs, Security Operation Center (SOC) professionals and software developers who are interested in contributing to the Apache Metron Community and the areas that interest them. The focus of this meeting is bringing peers together to accelerate innovation and time to detect and respond to an Advanced Persistent Threat.

The meetup will be split into two sessions. There will be an overview of Apache Metron followed by a Code Lab. The first session will cover challenges with traditional cyber applications, an introduction to Apache Metron, and new features and enhancements in Metron 0.1.

During the second session and Code Lab, the meetup leaders will walk through the IDE setup with the Metron codebase, installing Metron on a single Dev VM, and adding new telemetry data sources to the platform.

Agenda for Overview of Apache Metron (5:30-6:30)

Speakers: George Vetticaden, Jai Rao, and Sagar Gaikwad

• Challenges with Today’s Security Tools to Combat Cyber Attacks

• Introduction to Apache Metron

• The User Personas for Apache Metron

• Why Apache Metron?

• Data Scientist Perspective

• SOC Analyst/Investigator Perspective

• Metron Deep Dive - Tracing a telemetry event as it flows through the platform

Agenda for CodeLab (6:30 to 9:00)

Workshop Leaders: James Sirota, Jai Rao, and Sagar Gaikwad

• Set up the development/IDE environment with the Apache Metron code base

• Build and deploy the Metron application on a Vagrant VM on your workstation

• Add a new security telemetry data source to Metron

• Use Apache NiFi to ingest events from the new data source into Metron

• Add a new Storm topology to Metron to parse events for the new data source

• Add net-new enrichments for the new data source

• Add net-new threat intel data

• Build and deploy the updated Metron application with support for the new telemetry data source

• Walk through the Metron UI and show new events from the new data source as they flow into Metron

For folks who can't attend in person, we will have a WebEx/Zoom session for the first part of the session:

https://hortonworks.zoom.us/j/830206650

Future of Data: NoVA