Typically you would install Metron in a secured area of your network, especially if you aren't implementing Kerberos. This can be locally on servers, or in AWS (or any other cloud) with certain configurations. Metron does primarily data cleansing and analysis but is fed data from sensors. Those sensors are the things that can be distributed throughout a network, that do scans, or can be on systems in your environment as an agent. There are a lot of options on how you get the logs and alerts from the sensors into Metron, but for a start you can look at Apache NiFi or tooling that uses librdkafka.

Hope that helps,
Jon

On Sat, Dec 30, 2017, 11:36 Martin Lee <[email protected]> wrote:

> Hi,
>
> I find that SOC can scan inside and outside of network.
>
> Where do Metron install? Inside or outside of infrastructure network?
>
> As I see that it can be installed in Amazon cloud,
> is it install outside of infrastructure of company network?
> If install outside, how can it scan from inside?
> If install inside, how can it scan from outside?
>
> Is there any book teaching how to set up Metron?
> I find that there are 10 nodes if install in Amazon
>
> Regards,
> Ho Yeung, Lee
> Martin
>
>
--
Jon
