Verify That CCP Deployed Successfully for Ambari Install

After you install Cloudera Cybersecurity Platform (CCP), you need to verify that your services are displayed in Ambari and that you can access the Metron Dashboard.

  1. Verify that the topologies bundled with CCP are deployed.
    From Ambari, navigate to Storm > Quick Links > Storm UI.
    You should see the following topologies listed:
    • Snort
    • pcap
    • YAF (Yet Another Flowmeter)
    • Bro Network Security Monitor
    • Indexing topology
  2. Check that the enrichment topology has emitted some data.
    This could take a few minutes to show up in the Storm UI. The Storm enrichment topology UI should look something like the following:

    Storm UI with Enrichment Details

  3. Ensure that the Metron dashboard is available and receiving data by displaying the dashboard at $METRON_UI_HOST:5000.
    Check to ensure that the indexing is done correctly and the data is visualized.
  4. Check to ensure that some data is written into HDFS at /apps/metron for at least one of the data sources.
Customize CCP to meet your own needs.