Apache Metron:
Apache Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. Metron provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.
[Figure: Logical Architecture]
Apache Metron can be used as a SIEM system, since it offers many of the capabilities that make up a SIEM. First, it can retain data over a long period of time.
Some Features:
Because Apache Metron is designed as a big data solution, it can also serve as a data lake.
Simply put, a data lake is an in-house storage option for all data from all sources. Business users can access and analyze the data according to their permissions. Usually the data in a data lake is kept unmodified, so it is not transformed on ingest. Instead, the data lake is accessed by various analysis tools, each of which converts the data for its own use.