HCP Architecture
Hortonworks CyberSecurity Package (HCP) is a cybersecurity platform. It consists of the following components:
Each of these components is described in the following sections.
The core of the HCP architecture is the Apache Metron real-time processing security engine. The HCP data flow runs in real time and consists of the following steps:
Information from telemetry data sources is ingested into Kafka topics. (Kafka is the telemetry event buffer.) A Kafka topic is created for every telemetry data source. This information is the raw telemetry data consisting of host logs, firewall logs, emails, and network data.
Once the information is ingested into Kafka topics, the data is parsed into a normalized JSON structure that Metron can read.
The information is then enriched with asset, geo, threat intelligence, and other information.
The information is then indexed and stored, and any resulting alerts are sent to the Metron dashboard, the Alerts user interface, as well as telemetry.
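The four steps above, as an added in-memory sketch that is not Metron or HCP code. It assumes a constructed firewall log format, models Kafka topics as a dict of lists, and uses hypothetical lookup tables and enrichment field names.

```python
import json
import re
# Constructed sample input; log format, lookup tables and field names are assumptions.
RAW_FIREWALL_LINES = [
    "2024-05-01T10:00:00Z ALLOW TCP 10.0.0.5:51514 -> 203.0.113.7:443",
    "2024-05-01T10:00:02Z DENY UDP 10.0.0.9:5353 -> 198.51.100.20:53",
    "garbage line that does not parse",
]
ASSETS = {"10.0.0.5": "hr-laptop-17", "10.0.0.9": "build-server-2"}
GEO = {"203.0.113.7": "NL", "198.51.100.20": "US"}
THREAT_INTEL = {"203.0.113.7"}  # hypothetical known-bad destination addresses

LINE_RE = re.compile(
    r"(?P<timestamp>\S+) (?P<action>ALLOW|DENY) (?P<protocol>\w+) "
    r"(?P<ip_src_addr>[\d.]+):(?P<ip_src_port>\d+) -> "
    r"(?P<ip_dst_addr>[\d.]+):(?P<ip_dst_port>\d+)$"
)

def parse(raw, source_type):
    """Step 2: raw line -> normalized dict, or None if it does not parse."""
    m = LINE_RE.match(raw)
    if m is None:
        return None
    event = m.groupdict()
    event["ip_src_port"] = int(event["ip_src_port"])
    event["ip_dst_port"] = int(event["ip_dst_port"])
    event.update(source_type=source_type, original_string=raw)
    return event

def enrich(event):
    """Step 3: add asset, geo and threat intelligence context."""
    event["asset"] = ASSETS.get(event["ip_src_addr"], "unknown")
    event["geo_country"] = GEO.get(event["ip_dst_addr"], "unknown")
    event["is_alert"] = event["ip_dst_addr"] in THREAT_INTEL
    return event

def run_pipeline(topics):
    """Steps 1-4: one buffer per source in; (index, alerts, errors) out."""
    index, alerts, errors = [], [], []
    for source_type, lines in topics.items():
        for raw in lines:
            event = parse(raw, source_type)
            if event is None:
                errors.append(raw)  # keep unparseable input instead of dropping it
                continue
            index.append(json.dumps(enrich(event), sort_keys=True))
            if event["is_alert"]:
                alerts.append(event)
    return index, alerts, errors
```

Keeping unparseable lines in a separate error list makes a parser gap visible, since a telemetry source that stops parsing would otherwise stop producing alerts without any sign of failure.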