TECHNOLOGY
Integrations
All your investments, full visibility
Open integrations with the market leading IT and security tools so you can protect the entire attack surface. Collect telemetry, respond directly through tools and distribute your data where you need it. If Stellar Cyber doesn't yet integrate with a mission critical tool, it can be rapidly added to the integration suite.
Example Integrations
Network
Understand traffic across the enterprise, both north-south, and east-west.
Endpoint
See all your assets, their activity and vulnerabilities. Then respond back through your tool to take action where necessary.
Cloud
Access all cloud telemetry regardless of your multi or hybrid cloud setup.
Identity
Track users across all applications and systems to detect risk and advanced threats.
Vulnerability
Correlate vulnerabilities with activity across the enterprise to prioritize remediation.
Apps
Get visibility into key SaaS applications where some of your most critical enterprise information and workflows are stored.
Email
Bring together email alerts with all other telemetry to detect and respond to phishing attacks.
Key Features
Stellar Cyber has a number of features that collect data, take
response through source tools and send data to other systems.
Log Forwarders
Log forwarders collect, aggregate and parse logs from hundreds of existing IT and security tools such as firewalls, IAMs, WAFs, EDRs etc. They support various format including standard log format, CEF format, etc. New log parsers can be added any time without interrupting your existing services.
Connectors
Connectors collect, aggregate and parse data from tool through their APIs. Connectors ensure visibility into Software-as-a-Service applications, service provider environments or any tool with an API. They also help consolidate data such as asset information from your EDR and other asset based systems.
Threat Intelligence
Although Stellar Cyber has a built-in Threat Intelligence Platform, it also allows our customers to import their favorite threat intelligence feeds through STIX-TAXII.
Automated Response
The built-in Automated Response capability of Stellar Cyber allows security analysts take direct actions in the platform without switching to another platform. By leveraging APIs provided by your existing security tools, the platform can interact with firewalls to block attacking IP addresses, disable users via the Active Directory, disconnect an endpoint device from the network via EDR, or trigger a vulnerability scan, to name a few. It allows security analysts to define powerful playbooks so that any combination of these responses can be automated based on one or multiple conditions. This helps improve the response time to an attack and reduce the risk.
Data Sink
The Data Sink feature allows for Stellar Cyber to seamlessly integrate with other data infrastructure including object storage for compliance or SIEM for maintaining existing investments. It can either stream raw data with fused context, the AI-generated Alerts and Incidents, or both, to any location.
Open APIs
The Stellar Cyber Open XDR Platform provides a rich set of restful APIs to allow access to the data stored in the Data Lake. These APIs have been used for successful integration with third-party SOAR tools like Phantom, Demisto, Swimlane and Siemplify etc.