AI That Delivers Results
The output of Stellar Cyber's AI Engine can be simplified down to generating two types of data for security teams: Alerts and Incidents. Together, Alerts and Incidents provide the depth and holistic view teams need to make rapid decisions.
Alerts are instances of specific suspicious or high-risk behavior and are the building blocks of Incidents. Stellar Cyber ships with 200+ Alert Types out of the box, with no configuration required. Alert Types are mapped to the XDR Kill Chain to enable prioritization and correlation. Each individual Alert carries a generated, human-readable description of what happened and a recommended remediation for fast response.
Example Alert Types include:
- External Scanner Behavior Anomaly
- Internal RDP Brute Force Attack
- Internal SMB Username Enumeration
Incidents are correlated sets of Alerts and other supporting data, including signals, assets, users and processes. An Incident represents an entire attack or sequence of high-risk actions. In real time, as new Alerts are generated, they are assigned to the relevant Incidents so that attacks can be detected and responded to before they complete. Incidents in Stellar Cyber are mutable, meaning they can be updated after creation, and they are not limited to any fixed time window, so they can capture slow, complex attacks.
Real-world Incidents detected in Stellar Cyber:
- DarkSide ransomware attack
- Sunburst attack
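To make the Alert-to-Incident model above concrete, here is an added toy correlator (illustrative code, not Stellar Cyber's engine): each incoming alert joins any incident that already shares an asset or user, incidents stay mutable, no time window is applied, and an alert that bridges two incidents merges them. The stage labels, hosts, user and timestamps are constructed for the demo.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Alert:
    alert_type: str
    stage: str          # kill-chain stage label (constructed names for this demo)
    ts: int             # seconds since epoch
    host: str           # asset the alert is about
    user: str = ""      # account involved, if any

    def entities(self) -> frozenset:
        keys = {("host", self.host)}
        if self.user:
            keys.add(("user", self.user))
        return frozenset(keys)

@dataclass
class Incident:
    incident_id: int
    alerts: list = field(default_factory=list)
    entities: set = field(default_factory=set)

    def stages(self) -> list:
        return sorted({a.stage for a in self.alerts})

class Correlator:
    """Assigns each alert to an incident sharing an asset or user; an alert
    arriving days later still joins because no time window is enforced."""
    def __init__(self):
        self.incidents = {}
        self._next = 1

    def ingest(self, alert: Alert) -> int:
        keys = alert.entities()
        hits = [i for i in self.incidents.values() if i.entities & keys]
        if not hits:
            inc = Incident(self._next)
            self._next += 1
            self.incidents[inc.incident_id] = inc
        else:
            inc = hits[0]
            for other in hits[1:]:      # alert bridges two incidents: merge them
                inc.alerts.extend(other.alerts)
                inc.entities |= other.entities
                del self.incidents[other.incident_id]
        inc.alerts.append(alert)        # incident is mutable: it grows in place
        inc.entities |= keys
        return inc.incident_id

def run_demo():
    # Constructed alert stream; the third alert arrives three days after the first.
    stream = [
        Alert("External Scanner Behavior Anomaly", "recon", 0, "10.0.0.5"),
        Alert("Internal SMB Username Enumeration", "lateral", 60, "10.0.0.9"),
        Alert("Internal RDP Brute Force Attack", "lateral", 3 * 86400, "10.0.0.5", "svc_backup"),
        Alert("Internal RDP Brute Force Attack", "lateral", 3 * 86400 + 30, "10.0.0.9", "svc_backup"),
    ]
    c = Correlator()
    return [c.ingest(a) for a in stream], c.incidents
```

Running `run_demo()` yields incident ids `[1, 2, 1, 1]` and a single surviving incident holding all four alerts: the shared user `svc_backup` pulled the second host's activity into the first incident.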