Hortonworks Cybersecurity Platform

HCP Architecture

If you are a Platform Engineer responsible for installing, configuring, and maintaining Hortonworks Cybersecurity Platform (HCP) powered by Apache Metron, you must first understand HCP architecture and terminology.

HCP is a cybersecurity platform that consists of the following components:

  • Real-Time Processing Security Engine
  • Telemetry Data Collectors
  • Data Services and Integration Layer


HCP processes data in real time. The data flow consists of the following steps:

  1. Information from telemetry data sources is ingested into Kafka topics (Kafka is the telemetry event buffer).

    A Kafka topic is created for every telemetry data source. This information is the raw telemetry data consisting of host logs, firewall logs, emails, and network data.

  2. The data is parsed into a normalized JSON structure that Metron can read.
  3. The information is then enriched with asset, geo, threat intelligence, and other information.
  4. The information is indexed and stored, and any resulting alerts are sent to the Metron dashboard, the Alerts user interface, and telemetry.
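The four steps above can be traced end to end with a small in-memory sketch. This is an added example, not code from HCP or Apache Metron: the firewall log format, the field names, the lookup tables, and the handling of unparseable lines are all assumptions constructed for illustration.

```python
import json
import re

# Constructed sample telemetry: one buffer ("topic") per data source (step 1).
TOPICS = {"firewall": [
    "2017-03-01T10:15:02Z DENY TCP 10.0.0.5:51234 -> 203.0.113.9:443",
    "2017-03-01T10:15:07Z ALLOW TCP 10.0.0.8:40022 -> 198.51.100.7:80",
    "garbage line that does not match the format",
]}
# Constructed lookup tables standing in for asset, geo and threat-intel stores.
ASSETS = {"10.0.0.5": "hr-laptop-17", "10.0.0.8": "build-server-2"}
GEO = {"203.0.113.9": "ZZ", "198.51.100.7": "YY"}
THREAT_INTEL = {"203.0.113.9"}

FW_RE = re.compile(r"(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
                   r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def parse(source, raw):
    """Step 2: raw line -> normalized dict, or None if the line is unparseable."""
    m = FW_RE.match(raw)
    if not m:
        return None
    return {"source_type": source, "timestamp": m["ts"], "action": m["action"],
            "protocol": m["proto"], "ip_src_addr": m["src"], "ip_src_port": int(m["sport"]),
            "ip_dst_addr": m["dst"], "ip_dst_port": int(m["dport"]), "original_string": raw}

def enrich(event):
    """Step 3: add asset, geo and threat-intelligence context to a parsed event."""
    out = dict(event)
    out["asset"] = ASSETS.get(event["ip_src_addr"], "unknown")
    out["geo_dst_country"] = GEO.get(event["ip_dst_addr"], "unknown")
    out["is_alert"] = event["ip_dst_addr"] in THREAT_INTEL
    return out

def run_pipeline(topics):
    """Steps 1-4: drain each topic, parse, enrich, index; return (index, alerts, errors)."""
    index, alerts, errors = {}, [], []
    for source, messages in topics.items():
        for raw in messages:
            event = parse(source, raw)
            if event is None:
                # Assumption of this sketch: keep unparseable input for review.
                errors.append({"source_type": source, "original_string": raw})
                continue
            doc = enrich(event)
            index.setdefault(source, []).append(json.dumps(doc, sort_keys=True))
            if doc["is_alert"]:
                alerts.append(doc)
    return index, alerts, errors
```

Keeping the raw line in `original_string` and recording parse failures separately means a detection gap caused by a parser mismatch is visible rather than silent.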