THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
What is the Metron Reference App?
A use Case that showcases the following:
- How to add telemetry events from a new data source (Squid) which covers parsing, filtering, transforms and validates
- How to see the new Events in the Metron UI
- How to enrich the telemetry events
- How to do threat intel cross reference checks against event
- How to raise alerts
- How to persist (index, long term storage) the events
Why Do We need it?
Similar to the famous java pet store app, it provides an app that is constantly updated to showcase new features.
What are the updates to the Metron Reference App with Metron 0.2 release?
- Using Stellar framework to filter, transform and validate events
- How to work with the New Metron UI to display new events
- Using Stellar framwork to do threat triage
- Streaming enrichments