It is very much possible, and very easy to create your own functions and models
on top of Metron.
There are two main ways in which you would do this, depending on the type of
use case you’re looking at.
Metron uses a language called Stellar as part of the enrichment stage (and
elsewhere) to implement a number of algorithms which can then be composed in
configuration. You can also extend this language to implement your own
algorithms in the real time stream
gives a toy example, also checkout some of the source for the more interesting
stellar functions in
If your algorithms tend more towards the traditional ML approach, using for
example Spark, python, or R, then the Model as a Service extension points might
be more useful. This allows you to run arbitrary micro-service type model
inference, or scoring, and plug that into he Metron real-time stream
provides more information and a worked example of how you would plug in an
example python based model).
I would also suggest taking a look at some of the recent custom use-cases we
have included in the project to get some starters:
I hope that helps, and wish you the best of luck with your project. Also, do
let the community know what you’re working on, and I’m sure we will be more
than happy to provide any help and assistance we can. Looking forward to seeing
what you come up with, and welcome to Metron.
> On 2 Feb 2018, at 12:11, Helder Reia <helder.r...@gmail.com> wrote:
> I am a student currently finishing my master degree and for my final work I
> am proposing to make a security analytics tool. I will want to make it on
> Apache Metron framework but I have some questions:
> - Is it possible to implement my own functions ? ( I will want to have
> clustering and classification algorithms )
> - If so, can you give me helpon how to implement those algorithms?
> Thank you for the help !
> Helder Reia
> ALF-AL TM