Sep 23–26, 2019

Apache Metron: Open source cybersecurity at scale

Carolyn Duby (Cloudera)
1:30pm5:00pm Tuesday, September 24, 2019
Location: 1E 11
Secondary topics:  Privacy and Security

Who is this presentation for?

  • Data engineers, platform engineers, security analysts, and data scientists




Cybersecurity is a big data challenge. Applications and security devices create terabytes of logs per day in hundreds of different formats, but security analysts can only investigate a portion of the events, and they need to decide which ones they should investigate and which events are related. Enter Apache Metron, a real-time security analytics platform that ingests, normalizes, enriches, triages, and stores application and security events in a data lake.

Bring your laptop, roll up your sleeves, and get ready to crunch some events with Metron. Run through the step-by-step examples with Carolyn Duby on your own cloud Metron installation. When you get back to the office you will be ready to use Metron back at the office.


  • Apache Metron overview
  • Getting started
  • Ingesting, normalizing, and enriching events
  • Triaging events to find the needle in the haystack
  • Machine learning: Building and applying models
  • User and entity behavior analytics: Profiling and anomaly detection
  • Exploring event history: Dashboards, threat hunting, and investigation

Prerequisite knowledge

  • General knowledge of big data or cybersecurity (useful but not required)

Materials or downloads needed in advance

  • A WiFi-enabled laptop with access to AWS instances
  • Download materials from the "course GitHub repository":

What you'll learn

  • Learn to use the most important features of the Apache Metron platform to triage cybersecurity data
Photo of Carolyn Duby

Carolyn Duby


Carolyn Duby is a solutions engineer at Cloudera, where she helps customers harness the power of their data with Apache open source platforms. Previously, she was the architect for cybersecurity event correlation at Secureworks. A subject-matter expert in cybersecurity and data science, Carolyn is an active leader in the community and frequent speaker at Future of Data meetups in Boston, MA, and Providence, RI, and at conferences such as Open Data Science Conference and Global Data Science Conference. Carolyn holds an ScB (magna cum laude) and ScM from Brown University, both in computer science. She’s lifelong learner and recently completed the Johns Hopkins University Coursera data science specialization.

Leave a Comment or Question

Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?

Join the conversation here (requires login)

Contact us

For conference registration information and customer service

For more information on community discounts and trade opportunities with O’Reilly conferences

For information on exhibiting or sponsoring a conference

Contact list

View a complete list of Strata Data Conference contacts