After this workshop you will be able to:
- Open and describe the purpose of the Metron UIs.
- Parse and normalize squid log format using a Grok parser.
- Enrich squid events with geocoding and field transformations.
- Triage squid events
- Profiler Basics
- User and Entity Behavior Analytics(UEBA) with User Authentication Events
- Exploring Event History - Dashboards and Run Books for Analysis, Threat Hunting and Investigations
- Applying DGA Detection Machine Learning Predictions to Squid logs
The labs are designed to work with Apache Metron 0.5.1 as packaged in Hortonworks Cyber Security Platform. For more information consult the HCP Release Notes