February Lab - Apache Metron (Incubating)


Details
Let's get hands-on with Apache Metron (http://metron.incubator.apache.org/) (incubating)! Apache Metron is an open source technology that integrates a variety of big data technologies in order to offer a centralized tool for security monitoring and analysis. Metron provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.
Directions
More details are available at http://www.cmu.edu/visit.
Parking is free after 5:00pm at P7 (East Campus Garage) or P16 (Morewood). Walk along the red line to get to your destination in Wean Hall (Building 37), room 5415.
https://drive.google.com/uc?export=download&id=0B2NDLONqoOuTRE1JZG1sN1AyQjg
If entering by Hamerschlag Hall (South Entrance), walk through the doors into the lobby, turn right down the 5400 corridor and the room will be on your left.
If entering via Newell Simon by Hamburg Hall (North Entrance), follow signage for Wean Hall. This means go up the steps, then turn left and walk over the bridge. Walk until you see the elevators, go up to floor 5, then take a left down the 5400 corridor and the room will be on your left.
To take a look at the Apache Metron code, check it out at https://github.com/apache/incubator-metron.
Lab Preparation
Please prepare your system prior to the event by taking the following steps:
- Install VMware virtualization software (Fusion/Workstation) on a laptop (don't forget to bring your laptop and a charger to the event!)
- Build a VM running CentOS 6.8 (http://isoredirect.centos.org/centos/6/isos/x86_64/) with the ability to run a nested VM (https://communities.vmware.com/docs/DOC-8970). Be sure to allocate as many resources to the VM as is reasonable for your system (if you have it available to you, you can run the VM on ESXi but manage it locally). The CentOS 6.8 installer will be available via 10 USB thumb drives at the event.
- In the VM, install git via `sudo yum -y install git` and then clone the lab via `git clone https://github.com/jonzeolla/lab-securitydataanalysis.git`
- Finally, run the setup* with the command `lab-securitydataanalysis/setup/setup.sh -vs quick` and respond to the script's prompts. To force installation of everything, run it with `-f`.
- Warning: This may take more than an hour to run, depending on your system
Sponsored by
https://drive.google.com/uc?export=download&id=0B2NDLONqoOuTaEtUT282WFlhNEk
