User Guide
Also available as:

Chapter 1. Overview

This guide is intended for use by Security Operations Center (SOC) analysts and investigators.

This guide describes two user interfaces and a tool included with HCP that are designed for the SOC analysts and investigators:

  • Metron Dashboard

    This user interface is for Elasticsearch users only. If you are using Solr, refer to the Solr documentation for information on the user interface.

    A Kibana-based dashboard designed to identify, investigate, and analyze cybersecurity data. The Metron dashboard displays all of the data on a single dashboard enabling you to filter through the irrelevant data and display just the information, alerts, and context for which you are looking.

    Refer to the following chapters:

  • Alerts User Interface

    This GUI is a standalone user interface that connects to Solr or Elasticsearch to show the alerts but also store all other data in the browser cache.

    Refer to the following chapter:

  • pcap

    The pcap data source can rapidly ingest raw data directly into HDFS from Kafka. As a result, you can store all of the raw packet capture data in HDFS and review or query it at a later date.

    Refer to the following chapter: