After this workshop you will be able to:
- Open and describe the purpose of the Metron UIs.
- Parse and normalize the squid log format using a Grok parser.
- Enrich squid events with geocoding and field transformations.
- Triage squid events.
- Detect anomalous authentication events.

The labs are designed to work with Apache Metron 0.4.2 as packaged in Hortonworks Cyber Security Platform. For more information, consult the HCP Release Notes.