Apache Metron Cybersecurity Overview and Codelab: Meet the Experts!

This is a past event

122 people went

Location image of event venue


Free. Register Today. Space is limited.

Apache Metron is a cyber security application framework that provides organizations the ability to ingest, process and store diverse security data feeds at scale and in real-time in order to detect cyber anomalies and enable organizations to rapidly respond to them. Apache Metron is a fantastic proxy for learning how to build a complete streaming analytics solution that scales. This meetup will be split into two sessions. The first part will be an overview of Apache Metron followed by a Code Lab. During the first session we will cover challenges with traditional cyber applications and an introduction to Apache Metron.


James Sirota, Apache community member, PPMC member and a release manager for Apache Metron (Incubating). James currently serves as a Director of Security Solutions at Hortonworks and was previously Chief Data Scientist at Cisco as the Lead Architect on OpenSOC. James has a CISSP-ISSAP and over 15 years of experience as a security practitioner. He holds a B.S. in Computer Science and M.S. in Computer Engineering from Arizona State University and University of Southern California respectively.

Casey Stella principal architect focusing on Data Science on the Apache Metron project at Hortonworks. Casey specializes in writing software and solving problems where there are either data science challenges or scalability concerns due to large amounts of traffic or large amounts of data. Casey was previously an architect and senior engineer at a healthcare informatics startup spun out of the Cleveland Clinic, and a developer at Oracle and as a Research Geophysicist in the Oil & Gas industry. Casey has a Masters in Mathematics from Texas A&M.


During the second session and Code Lab, we will walk through the IDE setup with Metron codebase, installing Metron on a single Dev VM and adding new telemetry data sources to the platform.

A preliminary agenda is as follows (this may change as we get closer):

Overview of Cybersecurity and Apache Metron (6:15 – 7:00)
• Challenges with Today’s Security Tools to Combat Cyber Attacks
• Introduction to Apache Metron
• The User Personas for Apache Metron
• Why Apache Metron?
• Data Scientist Perspective
• SOC Analyst/Investigator Perspective
• Metron Deep Dive - Tracing a telemetry event as it flows through the platform

CodeLab (7:00 to 9:00)
• Setup Development/IDE environment with Apache Metron code base
• Build and deploy Metron application on a vagrant VM on your workstation
• Add a new security telemetry data source to Metron
• Use Apache Nifi to ingest events from new data source into Metron
• Add new Storm topology to Metron to parse events for new data source
• Build and deploy new updated Metron application with support of new telemetry data source
• Walkthrough the Metron UI and show new events from new data source as it flows into Metron