Installing Zeppelin
You can install Zeppelin either using Ambari or manually.
Install Apache Zeppelin Using Ambari
How to install Apache Zeppelin on an Ambari-managed cluster.
Import the Apache Zeppelin Notebook Manually
As an alternative to using Ambari to install Apache Zeppelin, you can manually install the tool.