I understand that Metron is the open source engine that Cisco used to build Tetration. The Tetration likely forked some time back by the Cisco Insieme Business Unit, became focussed on networking and closed the source code. Today, its specific to the ACI platform, Cisco CloudScale ASICs and NX-OS NOS. Its maintains a limited amount of third party support for “openness” but thats not what Cisco is selling to customers at this time.
Metron was born out of Cisco’s OpenSoc project in 2014. OpenSoc aimed to provide a scalable security analytics tool based on the Hadoop framework. But where OpenSoc would have consumed and monitored network traffic and machine exhaust data out of data centers, Metron is a framework which can handle any kind of telemetry data.
The project was submitted to the Apache Incubator in December 2015, and its first release, Apache Metron v0.1, debuted in April 2016. As a top-level project its foundations remain in the Hadoop ecosystem, and it is built atop fellow Apache projects Storm, HBase and Kafka to handle streaming data in a real-time fashion.
If you like Tetration then Metron might be worth looking into.
Apache Foundation hails Metron as new top level project for cybersecurity • The Register : https://www.theregister.co.uk/2017/04/24/apache_foundation_hails_metron_as_new_top_level_project_for_cybersecurity/