---
title: "How Stellar Cyber Works"
id: "39743"
type: "page"
slug: "how-it-works"
published_at: "2023-01-05T09:27:39+00:00"
modified_at: "2026-04-08T22:50:59+00:00"
url: "https://stellarcyber.ai/product/how-it-works/"
markdown_url: "https://stellarcyber.ai/product/how-it-works.md"
excerpt: "How Stellar Cyber Works Stellar Cyber empowers lean security teams to successfully secure their cloud, on-premises, and OT environments from a single automation- and AI-driven platform—one platform that unifies all your tools to deliver full visibility, faster response, and stronger..."
---

## How Stellar Cyber Works

Stellar Cyber empowers lean security teams to successfully secure their cloud, on-premises, and OT environments from a single automation- and AI-driven platform—**one platform that unifies all your tools** to deliver full visibility, faster response, and stronger outcomes without adding complexity.

[Platform Overview](https://stellarcyber.ai/platform/)

[Request a Live Demo](https://stellarcyber.ai/request-a-demo/)


## Full-Cycle [Detection and Response](https://stellarcyber.ai/platform/capabilities-automate-response/)

## Ingest and Normalize Data

Stellar Cyber can ingest data from any security, IT, system, or productivity product you have deployed.

[Learn More](#Ingest)

## Centralized Threat Detection

Stellar Cyber automatically finds threats using a mix of detection capabilities.

[Learn More](#CentralizedThreatDetection)

## Sensor-Driven Threat Detection

Stellar Cyber Sensors can be deployed to the far reaches of your environments with embedded threat-detection capabilities.

[Learn More](#SensorThreatDetection)

## AI-Enabled Investigation

Stellar Cyber eliminates the manual steps typically required to complete an investigation.

[Learn More](#AIEnabledInvestigations)

## Automated Response

Create playbooks that run automatically when a specific threat is detected.

[Learn More](#AutomatedResponse)


## Ingest and Normalize Data

Stellar Cyber ingests data through API-based connectors (cloud or on-prem) and from streaming log sources over protocols like Syslog. On-prem data sources are captured by Stellar Cyber’s Sensors, which can be deployed physically or virtually to hook into those environments. All data, regardless of its origin, is normalized into a standard data model. Common fields like source IP, timestamp, or logon type are standardized whenever possible to make workflows easy, while third-party-specific data is kept in a vendor data namespace. Data is also enriched with geolocation and asset context to increase the value of all telemetry.
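An added sketch of the normalization pattern described above (not Stellar Cyber's code or schema): two differently shaped sources are mapped onto the same common fields, source-specific data is kept under a vendor namespace, and context is attached. All field names, the `cloud_idp` source and the lookup table are hypothetical, and the sample inputs are constructed.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample inputs: one sshd line as forwarded over Syslog, one JSON API event.
SYSLOG_LINE = ("2024-03-01T14:02:11+02:00 bastion sshd[2211]: Failed password "
               "for invalid user admin from 198.51.100.7 port 51234 ssh2")
API_EVENT = ('{"eventTime": "2024-03-01T12:05:40Z", "sourceIPAddress": "10.0.4.12", '
             '"userName": "svc-deploy", "outcome": "Failure", "mfaUsed": false, "appId": "a1"}')

# Constructed lookup table standing in for geolocation and asset-inventory services.
CONTEXT = {"198.51.100.7": {"geo": "ZZ", "asset": None},
           "10.0.4.12": {"geo": None, "asset": "build-server-01"}}

SSHD_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")

def _utc(ts):
    """Convert an ISO 8601 timestamp with any offset to UTC, second precision."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def _enrich(event):
    """Attach geolocation/asset context keyed on the standardized source IP."""
    event["enrichment"] = CONTEXT.get(event["src_ip"], {"geo": None, "asset": None})
    return event

def normalize_syslog(line):
    """Map an sshd failure line to the common model; None if it does not parse."""
    m = SSHD_RE.match(line)
    if m is None:
        return None  # caller should keep the raw line rather than drop it
    return _enrich({"timestamp": _utc(m["ts"]), "src_ip": m["ip"], "user": m["user"],
                    "event_type": "auth_failure",
                    "vendor": {"sshd": {"host": m["host"], "src_port": int(m["port"])}}})

def normalize_api(raw):
    """Map a JSON API event to the common model, keeping unmapped keys under vendor."""
    ev = json.loads(raw)
    event = {"timestamp": _utc(ev.pop("eventTime")), "src_ip": ev.pop("sourceIPAddress"),
             "user": ev.pop("userName"),
             "event_type": "auth_failure" if ev.pop("outcome") == "Failure" else "auth_success"}
    event["vendor"] = {"cloud_idp": ev}  # whatever was not mapped is preserved, not lost
    return _enrich(event)

if __name__ == "__main__":
    for e in (normalize_syslog(SYSLOG_LINE), normalize_api(API_EVENT)):
        print(json.dumps(e, sort_keys=True))
```

Because both events end up with the same top-level keys and UTC timestamps, one query on `src_ip` or `event_type` covers both sources, while the original vendor detail remains available for investigation.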

## Centralized Threat Detection

Stellar Cyber uses several methods to root out potential threats:

- Easy-to-find sources of known bad are detected through rules in Stellar Cyber, with new and updated rules being shipped continuously to all customers, sourced from our internal detection team as well as open communities like SigmaHQ.
- Harder-to-find sources of known bad are identified using supervised machine learning detection. Stellar Cyber’s security research team develops models based on publicly available or internally generated datasets and continuously monitors model performance across the fleet.
- Unknown and zero-day threats are uncovered using unsupervised machine learning techniques. These models look for anomalous behavior indicative of a threat. These models baseline over several weeks on a per-customer/per-tenant basis.


## Sensor-Driven Threat Detection

Stellar Cyber’s sensors not only collect logs from cloud and on-prem sources, they also create visibility and deploy network-based detections to the edge. Sensors package together Deep Packet Inspection (DPI), Intrusion Detection System (IDS), and Malware Sandbox into a single configurable software package.

## AI-Enabled Investigations

Correlation across detections and other data signals occurs through a GraphML-based AI that aids analysts by automatically assembling related data points. The AI determines connection strength between discrete events that can be sourced from any data source, based on property, temporal, and behavioral similarities. This AI is trained on real-world data generated by Stellar Cyber and is continuously improved with its operational exposure.

[Explore AI Investigator](https://stellarcyber.ai/ai-investigator-natural-language-threat-hunting/)


## Agentic-AI-Powered Automatic Triage

Users have complete control over the context, conditions, and outcomes of playbooks—now supercharged by GenAI-powered digital workers. Playbooks can be deployed globally or per tenant, with Agentic AI enabling adaptive responses. Use built-in playbooks for standard actions, or easily create custom ones to trigger EDR responses, call webhooks, or send emails—all with intelligent automation.

[Explore Automatic Triage](https://stellarcyber.ai/automatically-triage-phishing-emails-with-stellar-cyber/)

“Users can enhance their favorite EDR tools with full integration into an XDR platform.”

### Jon Oltsik

Senior Principal Analyst and ESG Fellow

“Stellar Cyber is the most cost-effective way to adopt AI and XDR”

### Erwin Eimers

CISO of Sumitomo Chemical

“Sportscar Performance XDR for a Family Sedan Budget!”

### Gartner Peer Insights

Director of IT

### 4.8

“The platform’s AI delivers a complete view of security events across our clients’ global infrastructure under one pane of glass”

### Todd Willoughby

Director of Security & Privacy at RSM US

“Stellar Cyber delivers built-in NDR, Next Gen SIEM and Automated Response”

### Rik Turner

Principal Analyst, Security and Technology

“Stellar Cyber reduced our analysis expenses and enabled us to kill threats far more quickly.”

### Central IT Department

University of Zurich

[For MSSPs](https://stellarcyber.ai/product/stellar-cyber-for-mssps/)

[For Enterprises](https://stellarcyber.ai/product/sc-enterprises/)

## It’s Your Turn to See. Know. Act.

Stellar Cyber unifies your stack, automates response, and connects you with trusted partners—giving you clarity, control, and measurable results.

[Request a Demo](https://stellarcyber.ai/request-a-demo/)

[Explore the Platform](https://stellarcyber.ai/platform/)

