Sep 23–26, 2019
Please log in

Apache Metron: Open source cybersecurity at scale

Carolyn Duby (Cloudera), Madhan Neethiraj (Cloudera), Michael Gregory (Cloudera), Sangeeta Doraiswamy (cloudera)
1:30pm5:00pm Tuesday, September 24, 2019
Location: 1E 08
Secondary topics:  Privacy and Security
Average rating: *****
(5.00, 1 rating)

Who is this presentation for?

  • Data engineers, platform engineers, security analysts, and data scientists




Cybersecurity is a big data challenge. Applications and security devices create terabytes of logs per day in hundreds of different formats, but security analysts can only investigate a portion of the events, and they need to decide which ones they should investigate and which events are related. Enter Apache Metron, a real-time security analytics platform that ingests, normalizes, enriches, triages, and stores application and security events in a data lake.

Bring your laptop, roll up your sleeves, and get ready to crunch some events with Metron. Run through the step-by-step examples with Carolyn Duby on your own cloud Metron installation. When you get back to the office you will be ready to use Metron back at the office.


  • Apache Metron overview
  • Getting started
  • Ingesting, normalizing, and enriching events
  • Triaging events to find the needle in the haystack
  • Machine learning: Building and applying models
  • User and entity behavior analytics: Profiling and anomaly detection
  • Exploring event history: Dashboards, threat hunting, and investigation

Prerequisite knowledge

  • General knowledge of big data or cybersecurity (useful but not required)

Materials or downloads needed in advance

  • A WiFi-enabled laptop with access to AWS instances
  • Download materials from the "course GitHub repository":

What you'll learn

  • Learn to use the most important features of the Apache Metron platform to triage cybersecurity data
Photo of Carolyn Duby

Carolyn Duby


Carolyn Duby is a solutions engineer at Cloudera, where she helps customers harness the power of their data with Apache open source platforms. Previously, she was the architect for cybersecurity event correlation at Secureworks. A subject-matter expert in cybersecurity and data science, Carolyn is an active leader in the community and frequent speaker at Future of Data meetups in Boston, MA, and Providence, RI, and at conferences such as Open Data Science Conference and Global Data Science Conference. Carolyn holds an ScB (magna cum laude) and ScM from Brown University, both in computer science. She’s lifelong learner and recently completed the Johns Hopkins University Coursera data science specialization.

Madhan Neethiraj


Photo of Michael Gregory

Michael Gregory


Michael Gregory leads the field team for machine learning at Cloudera helping organizations derive business value from machine learning. Michael has more than 20 years of experience building, selling, implementing, and supporting large-scale data management solutions at Sun Microsystems, Oracle, Teradata, and Hortonworks and has seen and evangelized the power of data to transform organizations and industries from automotive to telco and public sector to manufacturing.

Sangeeta Doraiswamy


Sangeeta Thirumalai is a software developer at Cloudera, specializing in database technologies. She is currently responsible for architecting workload-level optimization tools for SQL-on-Hadoop workloads.

  • Cloudera
  • O'Reilly
  • Google Cloud
  • IBM
  • Cisco
  • Dataiku
  • Intel
  • Io-Tahoe
  • MemSQL
  • Microsoft Azure
  • Oracle Cloud Infrastructure
  • SAS
  • Arcadia Data
  • BMC Software
  • Hazelcast
  • SAP
  • Amazon Web Services
  • Anaconda
  • Esri
  •, Inc.
  • Kyligence
  • Pitney Bowes
  • Talend
  • Google Cloud
  • Confluent
  • DataStax
  • Dremio
  • Immuta
  • Impetus Technologies Inc.
  • Keyence
  • Kyvos Insights
  • StreamSets
  • Striim
  • Syncsort
  • SK holdings C&C

    Contact us

    For conference registration information and customer service

    For more information on community discounts and trade opportunities with O’Reilly conferences

    For information on exhibiting or sponsoring a conference

    For media/analyst press inquires