Administration
Copyright © 2012-2017 Hortonworks, Inc.
Except where otherwise noted, this document is licensed under Creative Commons Attribution ShareAlike 4.0 License
2017-11-22
Abstract
Hortonworks Cybersecurity Package (HCP) is a modern data application based on Apache Metron, powered by Apache Hadoop, Apache Storm, and related technologies.
HCP provides a framework and tools to enable greater efficiency in Security Operation Centers (SOCs) along with better and faster threat detection in real time at massive scale. It provides ingestion, parsing, and normalization of fully enriched, contextualized data, threat intelligence feeds, triage, and machine-learning-based detection. It also provides end-user near-real-time dashboards.
Based on a strong foundation in the Hortonworks Data Platform (HDP) and Hortonworks DataFlow (HDF) stacks, HCP provides an integrated advanced platform for security analytics.
Please visit the Hortonworks Data Platform page for more information on Hortonworks technology. For more information on Hortonworks services, please visit either the Support or Training page. Feel free to Contact Us directly to discuss your specific needs.
Contents
- 1. HCP Information Roadmap
- 2. Introduction to Hortonworks CyberSecurity Suite
- 3. Configuring and Customizing
- Adding a New Telemetry Data Source
- Enriching Telemetry Events
- Configuring Indexing
- Using Threat Intelligence Feeds
- Prioritizing Threat Intelligence
- Setting Up Enrichment Configurations
- Global Configuration
- Configuring the Profiler
- Creating an Index Template
- Configuring the Metron Dashboard to View the New Data Source Telemetry Events
- Setting up pcap to View Your Raw Data
- Troubleshooting Parsers
- 4. Monitor and Management
- 5. Concepts
- A. Stellar Language Functions
List of Figures
- 2.1. HCP Architecture
- 3.1. New TailFile Processor
- 3.2. Configure Processor Dialog Box Settings Tab
- 3.3. NiFi Configure Processor
- 3.4. Configure Processor Settings Tab
- 3.5. Configure Processor Properties Tab
- 3.6. nifi_create_connection.png
- 3.7. NiFi Dataflow
- 3.8. Operate Panel
- 3.9. New Sensor Panel
- 3.10. Grok Validator Panel
- 3.11. New Schema Information Panel
- 3.12. Elasticsearch With Index Information
- 3.13. New Schema Information Panel
- 3.14. Populated New Schema Information Panel
- 3.15. Management Module Advanced Panel
- 3.16. Threat Intel Configuration
- 3.17. New Schema Information Panel
- 3.18. Threat Triage Rules Panel
- 3.19. Edit Rule Panel
- 3.20. Investigation Module Triaged Alert Panel
- 4.1. Management Module Main Window
- 4.2. Sensor Panel
- 4.3. ambari_configs_parsers.png
- 4.4. Error Dashboard
- 4.5. Ambari Services Tab
- 4.6. Confirmation Dialog Box
- 4.7. Ambari Background Operations
- 4.8. Ambari Metron Summary Window
- 4.9. Components Window
- 4.10. Ambari Metron Summary Window
- 4.11. Components Window
- 4.12. Ambari Metron Summary Window
- 4.13. Components Window
- 5.1. Configuration File with Transformation Information
- 5.2. Indexing Architecture
- 5.3. HCP Enrichment Flow
List of Tables
- 1.1. HCP Additional Information
- 3.1. Global Configuration Properties
- 3.2. Profiler Properties
- 4.1. Properties Managed by Ambari
- 5.1. Individual Enrichment Configuration Fields
- 5.2. Threat Intelligence Enrichment Configuration
- 5.3. triageConfig Fields
- A.1. Stellar Language Keywords
- A.2. Stellar Language Functions