Scribd
Upload
10K views

Security Analytics With Apache Metron

Apache Metron supports parallel enrichment by default and threat intel like Soltra. It uses Apache Storm for stream processing and ingestion can occur through Apache NiFi. Security data scientists are responsible for finding patterns in ingested data. Machine learning models can be used for enrichment, threat intelligence, and other purposes.

Uploaded by

ikhwancules46
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
10K views

Security Analytics With Apache Metron

Apache Metron supports parallel enrichment by default and threat intel like Soltra. It uses Apache Storm for stream processing and ingestion can occur through Apache NiFi. Security data scientists are responsible for finding patterns in ingested data. Machine learning models can be used for enrichment, threat intelligence, and other purposes.

Uploaded by

ikhwancules46
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

10/10

Parallel Enrichment is available on Metron by default


false - veri

Threat Stellar supports Regular Expressions.


true - veri

What is the order of stages in Stream Processing Pipeline. a) Theat Intel b.)
Telemetry Parsing c.) Index and Write d.) Alert Triage e.) Enrichment
b, e, a, d, c - veri

PCAP data can be captured using Metron module __________


DPDK - veri

Which of the following is NOT a component of parsing topology?

m
Storm parser spout - veri

er as
co
Stellar is a ___________

eH w
domain - veri

o.
rs e
Enrichment configuration can be stored on _________
ou urc
zookeper - veri

In Telemetry Parsing Stage ________


data normalization takes place - veri
o
aC s
v i y re

Metron Stream Processing is built on top of


apache storm - verify

Enrichment configuration can be stored on _________


ed d

Telemetry zookeeper - verify


ar stu

++++++++++++++

10/10
sh is

Apache Metron is built on top of _________


apache opensource - veri
Th

Metron Provides support for multiple types of data through its __________
Pluggable framework -veri

Telemetry Data Ingestion is possible into Metron through ___________


nifi -veri

Timestamp in Metron is parsed in ________


posix -veri

Apache Metron in Deployment is __________


centralised - veri

Machine Learning models can be adopted in Metron for ________

This study source was downloaded by 100000829495756 from CourseHero.com on 11-07-2021 18:30:59 GMT -06:00

https://www.coursehero.com/file/86566599/Security-Analytics-with-Apache-Metrontxttxt/
all the given options - veri

Which of the following is an Example of Threat Intel feeds in Metron?


soltra -veri

Consider you are a store owner operating your own website for the people of your
Town. What can be ideal for maintaining security of the shopping platform on
your site?
Traditional SIEM -veri

Who is responsible for finding patterns in the security data ingested into
Metron?

Security Data Scientist - veri

Metron Data Capture supports the protocols such as


ALL -veri

31. Who is responsible for finding patterns in the security data ingested into

m
Metron? Security Data Scientist

er as
26. Consider you are a store owner operating your own website for the people of

co
your Town. What can be ideal for maintaining security of the shopping platform

eH w
on your site? Traditional SIEM
18. Apache Metron in Deployment is _ centralized

o.
30. Timestamp in Metron is parsed in POSIX
rs e
32. Telemetry Data Ingestion is possible into Metron through _ Apache nifi
ou urc
33. Metron Data Capture supports the protocols such as - ALL
34. Machine Learning models can be adopted in Metron for ________ ALL
35. Which of the following is an Example of Threat Intel feeds in Metron? Soltra
36. Apache Metron is built on top of _Apache Open Source Technologies
o

32. PCAP data can be captured using Metron module -DPDK


aC s

33. Stellar supports Regular Expressions. true


v i y re

6. In Telemetry Parsing Stage _ Data normalization take place


31. What is the order of stages in Stream Processing Pipeline. a) Theat Intel
b.) Telemetry Parsing c.) Index and Write d.) Alert Triage e.) Enrichment
beadc
30.Parallel Enrichment is available on Metron by default- False
ed d

31. stellar Expressions can be used in telemetry parsing as part of ______cannot


ar stu

be used in telemetry parsing - v


32. Stellar is a _ Domain specfici lan
14. Which of the following is NOT a component of parsing topology? Storm parse
sprout
15. Metron Stream Processing is built on top of - Apache storm
sh is

16. Client for MaaS is written in _ python


17. Select the Correct order of nested data in a JSON file which is processed in
Th

the pipeline. Enrichment->ThreatINtel->triageconfig


33. Threat Intel Feeds can be _All
31. Client for MaaS is written in _Java
21. Risk Level is determined through_ RiskLevelRUles
30. Hail a Taxi is _External Stix Feed
9. Identify the Stellar Function which is NOT VALID. IS_SUBNET
2. Pick out the Stellar Keyword among the following. Nan
19. Zeppelin Interpreter do NOT support - Node.js
32. ElasticSearch uses _ Kibana indexing
33. Profiler can be configured for entities like - all
35. Solr and ElasticSearch Indices are supported _as they are Random indices
34. Identify Threat Intel Storages - Hbase

1. UDFs are supported by Stellar - true


3. Validation of data entering Metron can be validated _ Partially at the time
of ingestion

This study source was downloaded by 100000829495756 from CourseHero.com on 11-07-2021 18:30:59 GMT -06:00

https://www.coursehero.com/file/86566599/Security-Analytics-with-Apache-Metrontxttxt/
4. Default Indexer of Metron is _ HDFS
5. What happens when a specific no.of entries are not populated in batchTimeout
specified? Entries are refreshed to wait for another batchTimeout
7. DPI(Deep Packet Inspection) Data is best to be extracted only for _ PCAP
8. When Machine Learning models are employed for threat intelligence what is
considered to be an infrastructure challenge? ALL
10. How does Network Intrusion Detection System works? Tracks communication
11. Soltra is a _ Threat intel Feed aggregator(y)
12. Threat Intel Store is based on _ DocumentDB
13. Metron apart from in-built Geo Enrichment supports - Asset and network
enrichment
15. Stellar is Integrated into Metron Components such as _ Global validation and
threat triage(y)
16. MaaS scaling can be done through _ Storm
20. HDFS Index updates are supported in Metron.Yes using a NOSQL write ahead
log(y)
22. Which of the following statements regarding MetaalertDao is/are TRUE - All
23. Apache Metron do NOT have a dependency on _Vagrant
24. Who among the following is considered to be an advanced SME w.r.t Apache
Metron Platform - SOC investigator
25. Data to create a profiler is collected _ over Multiple windows
27. What are the feeds in Metron? All

m
28. Consider you are trying to parse telemetry of a application which uses a

er as
custom API. Its telemetry is highly complex and the data is generated at a rapid

co
rate. What is an ideal parsing strategy for the scenario? -Write a Custom JVM

eH w
parser while using Grok as stop gap
29. Enrichment configuration can be stored on _ Zookeper(y)

o.
rs e
ou urc
o
aC s
v i y re
ed d
ar stu
sh is
Th

This study source was downloaded by 100000829495756 from CourseHero.com on 11-07-2021 18:30:59 GMT -06:00

https://www.coursehero.com/file/86566599/Security-Analytics-with-Apache-Metrontxttxt/
Powered by TCPDF (www.tcpdf.org)

You might also like