Strengthen Your Cloud Security: Integrate Prisma Cloud CWPP with Your BAS Platform

Walk through the architectural design and integration process for connecting BAS platforms with Prisma Cloud CWPP.

OCSF Version History: A Guide to Enhancements and Security Benefits

OCSF has evolved since initial release. Learn more about its version history.

Microsoft Sentinel Architecture: A Step-by-Step Overview of Integration and Log Processing

Integrate Microsoft Sentinel with third-party tools via Azure Function Apps.

AWS AppFabric Integration Architecture

Learn how integrating XDR with AWS AppFabric enables unified threat detection, real-time response, and seamless security data flow.

How to Set Up Firewall Policies on FortiGate: A Step-by-Step Guide to Secure Your Network

Walk through a step-by-step guide to secure your network with necessary firewall policies using FortiGate.

5 Use Cases for Integrating AWS Security Hub with CSPM Platform

Discover 5 real-world AWS Security Hub and CSPM integrations.

6 Ways Microsoft Sentinel Transforms Your Security Operations: Use Cases

Discover how Microsoft Sentinel integrations improve unify your security operations at scale.

ServiceNow Vulnerability Response Integration Architecture

Rake a closer look at integrating ServiceNow VRM with OT Platforms.

Why Data Normalization is Essential in Cybersecurity: Google SecOps’ Unified Data Model

Discover how data normalization with Google SecOps' UDM boosts threat detection.

The Silent Saboteur: Tackle Schema Misalignment in Cybersecurity Integrations

Learn how to resolve schema misalignment to streamline your cybersecurity platforms.

How CrowdStrike Falcon can Strengthen Security Operations: Use Cases

Discover how CrowdStrike Falcon integration helps stop complex attacks across hybrid and cloud environments.

Enhance IoT/OT Security Visibility: Integrate Your Security Platform with Google SecOps

Learn how to integrate CI alerts into Google SecOps SIEM to boost IoT/OT visibility.

Keep Your Splunk App Strong: Top 5 Post-Release Tips

Expert strategies to maintain, test, and future-proof your Splunkbase app.

Beyond Security Logs: How Metron's Data Annotation Powers Diverse ML Applications

Discover how data annotators can become a versatile asset across your organization's range of ML applications.

Breaking Silos: How an Integrated AI Strategy Works Best

Explore how an integrated approach to AI/ML can transform your security operations.

Enhancing AI-Driven Security: Why Accurate Log Annotation Matters

Discover how log annotation fuels AI accuracy in cybersecurity.

Defend the New AI Wave: Integrating Your CASB with Agent Builder Platforms

Discover how a CASB integration can protect your next-gen AI Agent tools.

Bridging the Gap: Overcoming Cybersecurity Data Annotation Challenges

Explore how data annotation hurdles can impact cybersecurity outcomes (and how to overcome them).

Prepare Your Splunk Apps for 2025: Critical Updates You Should Know About

Everything you need to know about the latest Splunk critical updates.

Scaling Up Your Product and Integration Roadmap with Log Forge (Mock Server)

Discover Log Forge, a lightweight HTTP REST API server designed to mimic the real API of a specific cybersecurity platform.

5 Real-World Use Cases for Integrating Google SecOps with EDR

Dive into five real-world use cases for integration Google SecOps with EDR.

AI-Driven Threat Hunting: The Critical Role of Data Annotation

Discover how Metron's Schema Vault can help ensure accurate data annotation.

Introduction to Data Annotation and Labeling

Dive into how data annotation and labeling in cybersecurity fills key industry gaps and benefit AI.

Integrating Your Digital Risk Protection (DRP) Platform with Microsoft Sentinel

Sentinel can act as your organization's security control tower when paired with a Digital Risk Platform (DRP). Learn how!

5 Crucial Use Cases for ServiceNow SecOps

A well-integrated and seamless security ecosystem is no longer simply optional.

AWS CloudWatch Integrations: Maximizing Monitoring and Security Efficiency

AWS CloudWatch boosts security when integrated with the right tools. From detecting threats with Sentinel to automating response with XSOAR, see how these integrations enhance cloud protection.

Metron Security’s Dev-Centric Code Jam: SOC+AI Edition Recap

Metron Code Jam February 2025: A thrilling fusion of coding, collaboration, and cybersecurity innovation!

NVD-CVE Fetcher App (Splunk AddOn): Use Case

Discover how your team can make the best use of the NVD-CVE Fetcher-APP for Splunk.

Metron Security’s Dev-Centric Code Jam: Here’s A Glimpse of What Went Down

Metron Code Jam January 2025: A thrilling fusion of coding, collaboration, and cybersecurity innovation!

Troubleshooting Microsoft Sentinel Data Ingestion Issues: A Deep Dive

We outline some of the common data ingestion issues with Microsoft Sentinel (and how to troubleshoot them).

JupiterOne: Transforming Cybersecurity and Asset Management

Discover JupiterOne’s vital features, benefits, and integration capabilities among others.

Cybereason EPP: Troubleshooting SIEM Integration Errors

Troubleshoot common Cybereason EPP-SIEM integration errors.

How to Get Your App Published in the Splunkbase

Aiming to get your app/integration solution published to Splunkbase?

Comprehensive Guide to AWS CloudWatch: Key Features & Optimization

As we come to rely more and more on cloud services, ensuring that your environment is running smoothly can often feel like a juggling act. Fortunately, tools such as AWS Cloudwatch can help streamline this process, by providing an observability solution that enables you to track and respond to performance

SafeBreach: Use Cases and Insights for Effective Integration

Discover how Metron's expertise in BAS integrations can help you achieve a seamless and successful integration with SafeBreach.

Understanding XDR: Key Components of Extended Detection & Response

Take a closer look at the key components of XDR.

Common Troubleshooting Errors in Splunk

Take a closer look at some of the most common Splunk usages and how to troubleshoot frequently-seen errors that might occur.

CCF Implementation for ServiceNow Service Graph Connectors

Dive into the significance of CCF, its role in cybersecurity, and how you can smoothly implement it for your Service Graph Connectors.

Guide to ServiceNow Vulnerability Response and Its Use Cases

Take a closer look at ServiceNow Vulnerability Response and its key use cases.

Ultimate Guide to Integrating Fortinet FortiManager and its Use Cases

Get a handle on the process of integrating Fortinet Fortimanager, along with several of its key use cases

Benefits of OCSF in Data Normalisation for Cybersecurity

Discover how the OSCF framework benefits your data normalization processes.

Prisma Cloud: Introduction and Cybersecurity Use Cases

Dive into the various cybersecurity use cases of Prisma Cloud.

5 Compelling Cybersecurity Use Cases for XDR Integration

Discover 5 compelling use cases for your XDR integration.

Comprehensive Guide to Troubleshooting AWS Security Lake

A detailed walkthrough for troubleshooting common issues encountered with AWS Security Lake.

Improved Data Integration with OCSF

Discover how OCSF helps break down data silos and streamlines inter-application communication.

Know Your SIEM: Logpoint

Take a closer look at the features and availability of the Logpoint SIEM.

Deep Dive: Unveiling the Architecture of CrowdStrike Falcon

Take a deep dive into the architecture powering Crowdstrike Falcon and its integration capabilities.

Fetching Logs from Amazon Security Lake: A Detailed Guide

Learn how to how to fetch logs from Amazon Security Lake.

Integrate Your SIEM with Microsoft Defender XDR

Explore the ways and benefits of integrating your SIEM platform with Microsoft Defender XDR

Leveraging Amazon Security Lake for Enhanced XDR

Explore how Security Lake and an XDR platform can work together to offer enhanced protection to your organization.

Metron Security Expands its Partnership Ecosystem

Metron is pleased to announce it is helping to secure enterprise networks with HPE.

Network Security: Strategies and Solutions from Palo Alto

We discuss leveraging some of the tools and measures offered by Palo Alto Networks for network security.

Demystifying the OCSF Data Hierarchy: Unlocking the Power of Standardized Security Data

We dive into the OCSF framework and its ability to standardize the language of your data.

OT Platform's Journey with ServiceNow: A Technical Deep Dive

Dive into the technical considerations for integrating OT platforms with IT systems.

Cortex: Understanding the Security Analytics Platform and Use Cases

Discover the various Cortex offerings and learn how they can become potential game-changers in your security ecosystem.

Integrating with Prisma Cloud Security Platform

Prisma Cloud offers a comprehensive cloud security platform. Find out how to integrate it into your ecosystem!

Know Your SIEM Solutions: Sumo Logic Cloud SIEM

Discover whether Sumo Logic's SIEM offering could become a valuable tool for your organization.

Know Your SIEM Solutions: Splunk SIEM

Discover whether Splunk's SIEM offering is right for your organization.

FortiGate (NGFWs by Fortinet) Installation Guide [2024]

Today, we walk you through an on-prem installation process for setting up the FortiGate NGFW.

How to Set Up IBM QRadar SIEM on a Standalone VM [2024]

We walk you through setting up your IBM QRadar SIEM using a standalone virtual machine.

NextGen SIEM Use Cases: Crowdstrike Falcon LogScale

Dive into some of the top use cases that organizations can hope to get out of a next-gen SIEM like Falcon Logscale.

6 Essential Uses Cases: SentinelOne Singularity XDR Integrations

Cyber threats are always evolving. Discover how SentinelOne Singularity XDR can become a key asset in your defenses against cyber threats.

What is a FortiGate Configuration? Definition and Use-Cases

FortiGate is one of the many apps available through the wider Fortinet security suite. In the following post, we’ll walk you through the key elements of this application, its use cases, and what it’s like to configure.

Seamless Integration Automation: Unlocking the Power of Splunk

Within Splunk’s architecture, numerous elements can automate and integrate key security functions. Discover how this tool can empower your organization.

Amazon Security Lake: Integration Architecture Overview [2024]

In the following piece, we provide a high-level overview of the integration architecture for this tool. Read the details here.

Elevate your Cybersecurity Experience with these 4 ServiceNow ITSM Use Cases

To take advantage of the opportunities offered by the many use cases of ServiceNow ITSM, it is important that you are first not only aware of this platform but also how it functions.

Introduction to OCSF: Framework, Usage, and Benefits

OCSF is a framework with a strong potential for unifying cybersecurity systems across platforms. Learn more about its usage here.

Unlock Your Security Potential with These IBM QRadar Use Cases

IBM QRadar is a Security Information and Event Management (SIEM) solution. Here are some of the top use cases to unlock your security potential.

How to get your app published on the ServiceNow Store

The ServiceNow Store is the central repository for workflow apps and certified integrations. Learn how to publish your app on this platform.

Your Guide to Amazon Security Lake and its Use Cases [2024]

In the following post, we examine one of the most prominent data lakes available - Amazon Security Lake.

How to Fetch Logs for Fortinet Security Fabric with FortiAnalyzer

In the following post we walk you through how to fetch logs in this platform.

Know Your SIEM Solutions: Exabeam’s Fusion SIEM

Looking for a cloud-native SIEM but unsure where to begin? Become familiar with Exabeam’s Fusion offering here.

ServiceNow ITSM and its Architecture

ServiceNow ITSM is a cloud-based IT Service Management (ITSM) tool that helps businesses streamline their IT operations. It automates many IT tasks, such as incident resolution and problem management, which frees up IT staff to focus on more strategic initiatives. The platform is based on ITIL (Information Technology Infrastructure Library)

Connecting Your SIEM to AWS: Tips and Considerations (2024)

In the following post, we discuss tips and considerations for connecting your SIEM with AWS for efficient cloud security and optimization.

Know Your SIEM Solutions: Fortinet's FortiSIEM

Looking for a SIEM but uncertain where to begin? Become familiar with FortiSIEM and if it's the right choice for your organization.

6 Important Factors to Consider For SOAR Adoption in 2024

SOAR platforms can act as the central hub for your security needs. We outline 6 important factors to consider for SOAR adoption as we move into 2024.

5 Essential Use Cases for SOAR Integration within your SOC

Companies are increasingly automating essential security operations center (SOC) tasks. In the following guide, we outline 5 SOAR use cases for your SOC.

5 More Use Cases for Integrating Your SIEM with Threat Intelligence

In this short post, we dive into five key use cases that highlight the indispensable role a well-integrated SIEM plays in enhancing an organization's threat hunting capabilities.

SIEM and Threat Intelligence Integrations: Use Cases and Benefits

We discuss some of the benefits of pairing your SIEM with a threat intelligence platform, such as Recorded Future, ThreatConnect, Zerofox, Anomali and many more.

The Five Critical Components of XDR Integration

In this guide, we will detail five critical components of XDR integration along with their potential challenges and resolutions.

API Monitoring Tool for Security Application Integrations

We're pleased to announce that our API monitoring tool is now available!

IBM Resilient Setup with App Host Support

In the following article, we will walk you through setting up your copy of IBM resilient as well as ensuring App Host is paired and enabled.

Installation of Splunk Phantom/SOAR Using Virtual Machine

In the following guide, we'll walk you through installing Splunk SOAR using a virtual machine and Linux.

OCSF + Amazon Security Lake: A New Schema to Solve Long-Standing Challenges

With OCSF, a vendor-agnostic core security schema is now available, enabling a common approach to data sharing among different tools.

Setting up IBM QRadar SOAR (Formerly Resilient) on a standalone VM [2023]

In the following guide, we will walk you through setting up IBM Resilient using a standalone virtual machine.

Create an AMI from Ova file using AWS CLI for Splunk SOAR (Phantom)

Are you having issues troubleshooting or setting up your AWS platform? In the following article, we'll walk you through creating an IAM for Splunk-SOAR from an ova file using Amazon Web Services (AWS).

Enhancing the Security of Wireless IoT Devices with the NAC platform and IoT Cloud Management Service Provider

In this case study, we explore how a large manufacturing company addressed the security concerns of their wireless IoT devices through integration.

Integrating OT & IoT Security with Splunk: An Application Case Study

In this post we discuss how a Splunk Enterprise application that could integrate with OT & IoT Security applications for better security.

How to Set Up QRadar on Amazon EC2 For Development Purposes

This following guide outlines the steps needed to set up QRadar on AWS for development purposes.

Useful Integrations Add-Ons for XSOAR : Fetching Credentials

Fetching credentials is crucial aspect of the management and sharing of credentials, which are used to authenticate and authorize access to resources.

How to Setup ArcSight on EC2 [2023 Walkthrough]

The following article will provide the step-by-step guidelines for setting up Arcsight logger on EC2.

XSOAR: An Overview of Trends to Keep an Eye on in 2023

This article focuses on the trends in XSOAR that readers who are familiar with the platform will likely find helpful for the coming year.

XSOAR Debugging Solutions for Common Problems [Part 1]

In the post below, we have outlined some of the common issues we’ve come across among our XSOAR users.

Metron Security Completes Service Organization Control (SOC) 2 Type 1 Audit

Metron Security has announced its successful completion of the Service Organization Control (SOC) 2 Type 1 audit of the suitability of its relevant security controls.

Splunk SOAR (Formerly Phantom): Installation with an OVA and a Tarball File

This guide explains how to get started with installing a Splunk SOAR for your security ecosystem.

How to Update Your ServiceNow App from One Instance to Another Instance

This article walks through the steps needed to update/deploy your ServiceNow app into a QA Instance. To do so, we will be using the Development instance as the source.

ChatGPT: How did it respond to our questions about XDRs?

We give ChatGPT a few spins at answering questions about XDR.

Common Test Cases for Integrations Between a SIEM/SOAR with EDRs and XDRs

The goal of this article is to help users understand how data flows when we configure an integration.

Understanding Cortex XSOAR Integrations and Use Cases

Cortex XSOAR is designed to accommodate integrations whether it be from a custom solution or through the tools available in the app.

Installing IBM QRadar Community Edition Locally

IBM Security QRadar Community Edition (CE) is a free and full-featured - albeit lighter -version of QRadar based on version V7.3.3. This edition is also specifically designed for students, app developers, and security professionals in need of a testing environment

Cortex XSOAR: Common Troubleshooting Tips and Suggestions

In this post we detail a few of the common ways you can troubleshoot issues with your Cortex XSOAR application.

How to Fetch Logs in Your IBM Security QRadar SOAR Platform

Logs can be retrieved for troubleshooting in IBM QRadar SOAR as needed and outlined in the steps below.

2 Ways to Fetch Logs in IBM QRadar

In the post below, we detail two different methods of extracting your log files from the platform.

Cortex XSOAR Marketplace: What to Expect for Your Integration Needs

The Cortex XSOAR Marketplace is the central hub where users can browse, purchase and deploy integrations between the main platform and third-party apps.

What is a Splunk Integration? Definition and Use-Cases

Splunk is widely used for its log retrieval and data sharing abilities, and is commonly integrated with a variety of tools such as SaaS cloud software like ServiceNow.

Splunk Enterprise 9.0 Release is Now Available

Splunk Enterprise 9.0 has just been rolled out and there are a plethora of new features and updates (both major and minor) to be noted with this release.

Data Enrichment and Security: Two Use Cases for Application Logs

In this post, we'll focus on two use cases that can help improve your team's responsive time when reviewing application logs.

Data Enrichment: Setting Security Goals for Your Organisation

Why are security operators turning towards data enrichment and the ways to automate the process more than ever before?

Cybersecurity Experts: Why Automation Matters on the Job

As talented as your security operations team may be, the best way to empower them is through automation.

Data Enrichment: The Holy Grail of the Cybersecurity Industry

Data enrichment is the Holy Grail of the security industry. All platforms - and especially the newer platforms to hit the market - are only as meaningful as the data they ingest.

Governments Offering Bug Bounties for Vulnerability Detection

2021 was a record year for cyber threats, with both the number and severity of attacks reaching all time highs.

Understanding Major Playbooks for Your Favourite SOAR

Security Orchestration, Automation, and Response (SOAR) solutions play a critical role in security automation and an integral part in most major cybersecurity team's workflows.

3 More Use Cases for SOAR Automation to Protect Your Enterprise

Incident response and prevention are key concerns of any security team.

How to Manage Your Third-party Security Integrations at Scale

There’s no single way to handle it for every situation, but we’ve detailed a few examples of highly scalable approaches to maintaining 3rd party ecosystems below.

Well-managed Integrations are essential to deliver a great customer experience for Security Applications

Few organisations rely on a single app, software, or workflow to manage their day-to-day operations as well as its long term growth. Your organisation most likely benefits from anywhere from a half-dozen to close to a hundred different apps, depending on your size and industry.

3 Use Cases for SOAR's Automation Capabilities For Your Enterprise

While there are countless use cases, here are three security use cases where SOAR tools can react faster than manual intervention and empower your SOC teams to better manage threats.

Ragnar Locker Continues to Breach the Cybersecurity of Major Companies

Infrastructure companies, which have seen a record rise in ransomware attacks targeting their systems since 2019, have remained the primary targets for the operators behind Ragnar Locker.

Expect to see a rise of Ransomware Attacks on Infrastructure in 2022

Cybersecurity breaches and ransomware attacks in particular are costing organisations a fortune.

How to Configure and Install AttackIQ on Linux and Windows

In the following blog post, we detail how to configure AttackIQ on a Linux machine as well as set up Agents on Windows.

How to fetch logs for Cortex XSOAR

Cortex XSOAR keeps a detailed list of logs that are automatically generated when activities take place in the environment, such as when issues arise or for verifying system information.

What is SOAR? Know Your Security Automation Solutions

SOAR is an acronym for Security Orchestration, Automation and Response.

How to Set Up a Cybereason Test Environment with Virtual Machine

This post describes how to set up a test environment over a virtual machine (VM) using the Cybereason console.

How to Fetch Logs in Your ServiceNow App

You can retrieve your logs as well as your log archives using the app. We’ve detailed the main steps you’ll need below.

State of SIEM: A Look at 2021 Ransomware Attacks and 2022’s Promise

Industry insiders and commentators are highlighting 2022 as the year when cybersecurity comes home.

Publishing Your QRadar App in the IBM Security App Exchange

Custom integration apps for QRadar can be submitted to the IBM Security App exchange for greater usage and visibility

QRadar Integrations: High-Level Design and Architecture Overview

This post outlines the software design and architecture necessary for building a custom integration application between QRadar and a generic security sensor.

How to Fetch Logs in Your Splunk App

Splunk is a versatile app that keeps records of most events that take place within your app. Find out how to fetch your Splunk logs here.

Steps to Installing the Universal REST API Protocol in IBM QRadar

Before we can use the Universal REST API DSM and Protocol in QRadar, we have to install the Protocol so that it appears in the list of supported protocols. The installation is usually straightforward, but we have seen some issues with installing the protocol on some machines.

Is your Security Application connected and updated?

Are you using the latest app version for your integration? How do you find out?

How to get your enterprise's security data into IBM QRadar

Before you can act on threats, you have bring your security data into your QRadar deployment.

Troubleshooting a Resilient App

There are several ways to verify the successful operation of a function. You can also use these ways to troubleshoot a problem with your Resilient app.

Fetching Logs for a QRadar App

Facing issues with a QRadar app? Did you know that you can fetch the application logs.

Connectors and Parser: Security Integrations and Applications Built by Metron Labs

Connectors and parsers built by Metron Labs which includes IBM QRadar, Splunk, Phantom, ServiceNow and IBM Resilient and middleware connector built by Metron for API only access security applications.

How Metron will Effectively Scale and Manage Your Security App Exchange

Metron’s Integration Exchange Framework is designed to manage and maintain all third party security applications.

Case Study: IBM QRadar and Crowdstrike

This case study outlines how Crowdstrike integrates with IBM QRadar and its use cases.