Apache Metron is a cybersecurity application framework that can perform big data analysis to identify anomalies. The framework provides the following key characteristics:
- Processing, enrichment, and labeling of data sources for security analysis, search, and query
- Anomaly detection using machine learning algorithms
- SIEM-like capabilities (alerting, threat intelligence framework, agents to ingest data sources)
- A pluggable framework that supports various kinds of data sources and allows parsers to be added for new data sources
Please refer to the following diagram of Apache Metron: