Analyzing Data with Zeppelin

Zeppelin Notebooks

HCP provides several notebooks that you can use to analyze data and produce reports:

Zeppelin includes tutorials that can help you learn how to use Zeppelin and start analyzing data.
Metron - Connection Report
This notebook enables you to determine the number of connections made between IPs. This notebook can be set up for YAF, Bro, or Spark.
Metron - Connection Volume Report
This notebook enables you to determine the number of connections filtered by a CIDR block. This notebook is set up for YAF.
Metron - YAF Telemetry
This notebook enables you to obtain flow telemetry information for YAF, including:
  • Top talkers - internal and external
  • Flows by hour - internal and external
  • Top locations
  • Flow duration - internal and external
Metron IP report
This notebook enables you to produce a report for a given address that includes the following:
  • Most frequent connections (YAF, defaults to 24 hours)
  • Recent connections (YAF, defaults to 1 hour)
  • Top DNS queries (Bro, defaults to 24 hours)
  • All ports used (YAF, defaults to 24 hours)
  • HTTP user agents (Bro, defaults to 24 hours)