Chapter 1. Overview
This guide is intended for use by Security Operations Center (SOC) analysts and investigators.
This guide describes two user interfaces and a tool included with HCP that are designed for SOC analysts and investigators:
Metron Dashboard
This user interface is for Elasticsearch users only. If you are using Solr, refer to the Solr documentation for information on the user interface.
A Kibana-based dashboard designed to identify, investigate, and analyze cybersecurity data. The Metron dashboard displays all of the data on a single dashboard, enabling you to filter out irrelevant data and display only the information, alerts, and context you are looking for.
Refer to the following chapters:
Alerts User Interface
This GUI is a standalone user interface that connects to Solr or Elasticsearch to display alerts, and stores all other data in the browser cache.
Refer to the following chapter:
pcap
The pcap data source can rapidly ingest raw data directly into HDFS from Kafka. As a result, you can store all of the raw packet capture data in HDFS and review or query it at a later date.
Refer to the following chapter:
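To make concrete what "review or query it at a later date" means for raw packet capture, the following is an added example (not part of this guide and not HCP's own pcap query tool): a minimal parser for the libpcap file format that decodes Ethernet/IPv4 frames with TCP/UDP ports and answers time-window, host and port queries over a capture. The capture it reads is constructed inline; the hosts, ports and timestamps are sample values, and the only link type handled is Ethernet with the little-endian microsecond pcap magic.

```python
import struct
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Iterator, List, Optional

# libpcap file-format constants (real values); all traffic below is constructed sample data
PCAP_MAGIC_LE = 0xA1B2C3D4      # microsecond-resolution magic as read from a little-endian file
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
PROTO_TCP, PROTO_UDP = 6, 17


@dataclass
class Packet:
    ts: float                 # seconds since the epoch, microsecond precision
    src: str
    dst: str
    proto: int
    src_port: Optional[int]
    dst_port: Optional[int]
    length: int               # captured bytes of the frame


def pcap_global_header(snaplen: int = 65535) -> bytes:
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    return struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)


def ipv4_frame(src: str, dst: str, proto: int, sport: int, dport: int) -> bytes:
    """Constructed Ethernet/IPv4/transport frame; checksums are deliberately left zero."""
    l4_len = 8 if proto == PROTO_UDP else 20
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (l4_len - 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    eth = bytes.fromhex("020000000001020000000002") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4


def pcap_record(ts: float, frame: bytes) -> bytes:
    sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame


def build_sample_pcap() -> bytes:
    """Constructed capture: a DNS query, a TLS connection, an ARP frame, and the DNS reply."""
    arp = bytes.fromhex("ffffffffffff020000000001") + struct.pack("!H", ETHERTYPE_ARP) + b"\x00" * 28
    return (pcap_global_header()
            + pcap_record(1000.0, ipv4_frame("10.0.0.5", "192.0.2.10", PROTO_UDP, 53000, 53))
            + pcap_record(1100.5, ipv4_frame("10.0.0.7", "192.0.2.20", PROTO_TCP, 44000, 443))
            + pcap_record(1150.0, arp)
            + pcap_record(1200.0, ipv4_frame("192.0.2.10", "10.0.0.5", PROTO_UDP, 53, 53000)))


def decode_frame(ts: float, frame: bytes) -> Optional[Packet]:
    """Decode Ethernet + IPv4 (+ TCP/UDP ports); non-IPv4 or truncated frames return None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return None
    proto = frame[14 + 9]
    src = str(ip_address(frame[14 + 12:14 + 16]))
    dst = str(ip_address(frame[14 + 16:14 + 20]))
    sport = dport = None
    if proto in (PROTO_TCP, PROTO_UDP) and len(frame) >= 14 + ihl + 4:
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return Packet(ts, src, dst, proto, sport, dport, len(frame))


def parse_pcap(data: bytes) -> Iterator[Packet]:
    """Walk the 24-byte global header and each 16-byte record header; stop cleanly on truncation."""
    magic, _maj, _min, _tz, _sig, _snap, link = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("unsupported pcap magic (big-endian or nanosecond files not handled here)")
    if link != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET is decoded")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break                      # capture ends mid-record: keep what was fully written
        off += incl_len
        pkt = decode_frame(sec + usec / 1_000_000, frame)
        if pkt is not None:
            yield pkt


def query_pcap(data: bytes, start: Optional[float] = None, end: Optional[float] = None,
               host: Optional[str] = None, port: Optional[int] = None) -> List[Packet]:
    """Time-window plus host/port filter: the after-the-fact query an analyst runs on stored pcap."""
    out = []
    for p in parse_pcap(data):
        if start is not None and p.ts < start:
            continue
        if end is not None and p.ts > end:
            continue
        if host is not None and host not in (p.src, p.dst):
            continue
        if port is not None and port not in (p.src_port, p.dst_port):
            continue
        out.append(p)
    return out


if __name__ == "__main__":
    cap = build_sample_pcap()
    for p in query_pcap(cap, host="10.0.0.5"):
        print(f"{p.ts:.6f} {p.src}:{p.src_port} -> {p.dst}:{p.dst_port} proto={p.proto}")
```

The truncation check in parse_pcap matters in practice: a capture that was still being written, or a file cut off by a failed copy out of HDFS, ends mid-record, and a reader that trusts incl_len without checking the remaining length will either raise or silently decode garbage as the final packet.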