Cybersecurity with Metron

This Course Includes neXT LIVE 365


Sunset Learning Institute believes in a 365-day learning experience that begins immediately, regardless of when you attend your ILT course. At SLI, you get a range of learning opportunities, from instructor-led hands-on training, to self-directed, customizable learning paths based on your environment, your needs, and your level of experience. We provide the tools and options, and you decide what you need, when you need it, and how you want to learn it! 

  • Immediate access to supplemental learning assets that are INCLUDED with your purchase of the above instructor-led training course: 365 Days of Access to SLI’s Entire Big Data Video Reference Library (VRL), not just the 5-day class you sign up for (hundreds of searchable, on-demand learning bytes in 5-15-minute videos)
  • 365 Days of Unlimited Access to Delta Sessions - What’s Not Covered in Class! (Version Upgrades, Industry Updates, Etc.)
  • 365 Days of Unlimited 24x7 Access to SLI's Community - Collaborate with SLI Instructors and Other Members (Monitored Daily by SLI Instructors) See Community Demo
  • 365 Days of Unlimited Access to Interactive neXTpertise Sessions and other IT Resources with SLI Instructors (featured hot topics, exam prep, etc.)  See Upcoming neXTpertise Sessions
  • Unlimited Access to Hosted Webinars and All Previously Recorded Sessions
  • Unlimited Access to your Digital Courseware

See Entire Portfolio

  • Benefits:Training that fits your needs (from high intensity to small learning bytes)
  • Build immediate competency - start at time of purchase!
  • Gain know-how and skills gaps with limited work disruptions
  • Get quick answers to daily challenges - live interaction!


This 5-day course will provide a comprehensive introduction to the capabilities of Metron. The student will begin with installing Metron. After learning Metron’s domain specific languages (DSL), the Stellar Query and the Stellar Transformation Language, the student will create security telemetries, create enrichments, work with pluggable threat intelligence and understand the process of threat triage. The course will conclude with the student doing streaming enrichment and dashboarding with Kibana.

50% Lecture, 50% Hands-on Labs

Target Audience

Individuals who want to understand the capabilities of Metron.


An experiential or academic understanding of the need for centralizing the use and monitoring of capabilities provided by the tools of Cybersecurity such as pcap, netflow, bro, snort, fireye, and Sourcefire.  The student should understand how software services can combine security information management (SIM) and security event management (SEM). The student should have an understanding of services that provide real-time analysis of security alerts generated by applications and network hardware-based operating system and command line scripts.

Course Outline

  • Day 1:  Metron Installation, Overview, Architecture
  • Day 2:  Creating a New Telemetry
  • Day 3:  Creating a New Enrichment and Pluggable Threat Intelligence
  • Day 4: Threat Triage
  • Day 5: Streaming Enrichment and Dashboarding with Kibana

SLI Main Menu