If you are a Platform Engineer responsible for installing, configuring, and maintaining Hortonworks Cybersecurity Platform (HCP) powered by Apache Metron, you must first understand HCP architecture and terminology.
Hortonworks Cybersecurity Platform (HCP) is a cybersecurity platform that consists of the following components:
- Real-Time Processing Security Engine
- Telemetry Data Collectors
- Data Services and Integration Layer
HCP processes data in real time. The data flow consists of the following steps:
- Information from telemetry data sources is ingested into Kafka topics (Kafka is the telemetry event buffer).
  A Kafka topic is created for every telemetry data source. This information is the raw telemetry data consisting of host logs, firewall logs, emails, and network data.
- The data is parsed into a normalized JSON structure that Metron can read.
- The information is then enriched with asset, geo, threat intelligence, and other information.
- The information is indexed and stored, and any resulting alerts are sent to the Metron dashboard, the Alerts user interface, and telemetry.
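
The parse, enrich, and index steps above can be traced on a single event with the following added sketch. It is not HCP or Metron code: the log line format, the field names, the lookup tables, and the in-memory lists standing in for the index and the alert destinations are all assumptions constructed for illustration.

```python
import json
import re

# Constructed sample data: one raw firewall log line and tiny lookup tables.
RAW_FIREWALL_LINE = "1700000000 ALLOW TCP 10.0.0.5:51514 -> 203.0.113.7:443"
ASSETS = {"10.0.0.5": "hr-laptop-17"}      # asset inventory (hypothetical)
GEO = {"203.0.113.7": "ZZ"}                # geo lookup (hypothetical)
THREAT_INTEL = {"203.0.113.7"}             # known-bad IP list (hypothetical)

LINE_RE = re.compile(r"(?P<ts>\d+) (?P<action>\w+) (?P<protocol>\w+) "
                     r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def parse(raw, source_type):
    """Parsing step: turn a raw line read from a Kafka topic into normalized JSON fields."""
    m = LINE_RE.match(raw)
    if m is None:
        return {"source_type": "error", "original_string": raw}
    return {
        "source_type": source_type, "original_string": raw,
        "timestamp": int(m["ts"]) * 1000,   # epoch milliseconds
        "action": m["action"], "protocol": m["protocol"],
        "ip_src_addr": m["src"], "ip_src_port": int(m["sport"]),
        "ip_dst_addr": m["dst"], "ip_dst_port": int(m["dport"]),
    }

def enrich(event):
    """Enrichment step: add asset, geo, and threat intelligence context."""
    out = dict(event)
    for field in ("ip_src_addr", "ip_dst_addr"):
        ip = event.get(field)
        if ip in ASSETS:
            out[f"asset.{field}"] = ASSETS[ip]
        if ip in GEO:
            out[f"geo.{field}.country"] = GEO[ip]
        if ip in THREAT_INTEL:
            out[f"threatintel.{field}"] = "malicious_ip"
            out["is_alert"] = True
    return out

def index(event, store, alerts):
    """Indexing step: store every event; route alerts to the alert list as well."""
    store.append(json.dumps(event, sort_keys=True))
    if event.get("is_alert"):
        alerts.append(event)

def run(raw=RAW_FIREWALL_LINE):
    store, alerts = [], []
    index(enrich(parse(raw, "firewall")), store, alerts)
    return store, alerts
```

A line that does not match the expected format is still stored, tagged as an error, so unparseable telemetry remains visible instead of disappearing from the pipeline.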