Data Pre-Processor for Elasticsearch and Splunk
Security information and event management (SIEM) systems are used to collect and store security events, mainly logs, in a centralized platform. After the events are aggregated, central analysis, reporting and attack detection can be conducted. However, since these products are usually targeted at large organizations with ample staffing and resources, they are complex to set up and expensive to maintain. Recently, Elasticsearch has emerged as an alternative to SIEM for log collection and storage. As an open source system, it is well-suited to the needs of organizations of any size.
With Starlight for SIEM, you can gain more visibility and utility out of SIEM investments such as Elasticsearch or Splunk. Stellar CyberFlow’s high performance metadata extraction enriches data with additional context from a wide variety of sources while dramatically reducing data volume. Deploy Stellar Cyber in front of your SIEM infrastructure as a processor and enhancer to supercharge your data and conserve your SIEM resources.
Distributed, intelligent Stellar Cyber agents capture server processes, command executions, application logs, network traffic and user information.
Extract network traffic metadata up to Layer 7 for over 3,000 applications.
Local data correlation
Starlight Big Data Processor can enrich data further with threat intelligence, geolocation, username and domain name, among others.
Real-time breach detection conducted by both agents and the Big Data Processor.
Transport pre-processed, enriched data to Elasticsearch as lightweight JSON.
Centralized management and control
Rapid deployment of agents