Apache Metron is a cybersecurity application framework that can perform big data analysis to identify anomalies. The framework provides the following key characteristics:

• The processing, enrichment, and labeling of the data source for security analysis, search, and query.
• Anomaly detection using machine learning algorithms
• SIEM-like capabilities (alerting, threat intelligence framework, agents to ingest data sources)
• A pluggable framework for various kinds of data sources and that can add parsers for new data sources

Please refer to the following diagram of Apache Metron: