Frequently Asked Questions

Includes: Integration types, Connectors and Parsers for Security Applications, Pricing, Timeline, and questions that are frequently asked by customers and clients.

We have put together a list of frequently asked questions (FAQs) on our integration and automation services to help address your needs. In case you can’t find what you’re looking for, we are an email and phone call away. See our contact information below.

categories

Integration


Metron is focused on building integrations for the security ecosystem. We have worked with leading Security information and Event Management (SIEMs) and UEBA; Security Orchestration, Automation and Response (SOARs); exchanges and security technologies such as firewalls, intrusion detection systems – Endpoint Detection and Response (EDR), Threat Intelligence Platform (TIP), ITSM technologies – and many other security related applications.

We have built several integrations including custom applications for security companies.

Here are a sample list of integrations we have built: QRadar, ServiceNow - ITSM, Secops, Splunk, Phantom, Resilient, Crowdstrike, Mindmeld, VMRay, Netskope, Google Chronicle, Zinbox, Cylera, Digital Shadows, JIRA and many more.

We have built a number of connectors (or integrations) to share data between security products. We have built several on-prem and cloud connectors. Below is a list of a few sample connectors.

These connectors run within an application framework provided by the SIEM/SOAR software. Examples of SIEM/SOAR softwares are:

  1. Splunk: The app package is installed on the Splunk server and can provide knowledge objects, dashboards and scripts (Python/Javascript/Java)
  2. IBM QRadar: The app package can provide a DSM (parsing rules for log events) as well as dashboards and scripts for fetching data from an API gateway.
  3. IBM Resilient: The app package typically runs on an integration server that is installed on the customers premises, and which can interface directly with the Resilient server.
  4. ServiceNow: We use the ServiceNow Studio to build applications, which can be installed on a customer's ServiceNow instance.
  5. Splunk Phantom: The app package runs on the Splunk Phantom server and uses the Phantom framework to poll for incidents, as well as execute actions via API calls.

In addition, we have built several custom connectors and parsers for clients to enable SOC automation. Please contact us for more details.

Sometimes, the security products that are being integrated do not have an application framework that can run the integration. Typically, both products only provide API access. In these cases, we have built a middleware connector that can be run on either the customer side, the provider side, or even on another system that acts as a broker between the security products.

Please read more details in our Connector and Parser section.

Metron labs has extensive experience building parsers to extract data from external log sources. Most of our work has been in transforming data between formats as per customer requirements. We can work with pretty much any format and below is a sample list:

  1. Syslog
  2. JSON
  3. CEF
  4. Key-Value pairs
  5. NetFlow
  6. Regex

Metron has built a process. We use an in-house built framework for data parsing, scripts for generating events and an engineering team aligned to build integration faster. There are integrations we have ready in days to weeks depending on the customization required. Our average integration timeline is 4-6 weeks which includes building the integration and user acceptance testing (UAT).

Please note each app exchange (e.g. XForce, Splunkbase, NOW store, etc.) has its validation process. We work with them to ensure all the criteria is met and your app is published at the earliest. We have seen anywhere from 4-8 weeks for an exchange validation process to be completed.

Pricing


Our integration service is priced at a fixed price based on the Statement-of-Work (SoW). We have a straightforward and transparent pricing model with no hidden fees. It consists of:
  1. Integration: Includes the total cost of building the integration and is based on fixed fees.
  2. Support: Our support is based on subscription based on a fixed number of hours per month basis. All the upgrades and customization of the application is included in support.

Our cost per integration ranges from $20,000 - $25,000.

Support cost is optional and based on your requirements. Subscription Support is $85/hour (min. 25 hours per month) and On-demand Support is $125/hour (no minimum).

Our pricing model is based on the premise that the more integration you build with Metron, the cheaper and faster it becomes to automate and manage your application.

We are a California based company with delivery centers in Bangalore and Pune, in India. We provide competitive rates within the industry that fit our client budgets, allowing them to connect their product to more applications and building a more secure connected ecosystem.