Alertflex is a security monitoring project designed for hybrid clouds (a mix of traditional and cloud-based IT infrastructure). By monitoring security events from open source Host IDS, Network IDS and Web Application Firewall sensors in real time, Alertflex helps detect network intrusions and malware across the whole network, from the perimeter to the endpoints.

Alertflex can run as a stand-alone system or as part of a unified security solution. It provides alert management, orchestration and automation for well-known open source security applications and implements the following SecOps functionality:

Alert filtering and prioritization

Intrusion and vulnerability detection

Integrated network and endpoint analysis

Incident response

Service orchestration

Task automation

COMPONENTS

Alertflex implements a security event management pipeline with five levels: Collection, Streaming, Analysis, Storage and Access. To work in the distributed environment of a hybrid cloud, the solution is split into separate software components: Collector, Controller and Web Management Console. The Collector (Altprobe) is located in the network domain where the security sensors are installed (Host IDS, File Integrity Monitor, Network IDS, Web Application Firewall); together with those sensors it logically forms a cloud or on-premises node. The Alertflex Controller and Web Console make up the central node, which may be located in the cloud it controls, in a remote office, or on the provider's cloud / MSSP side. Messages between the cloud node and the central node are exchanged through the ActiveMQ message broker, and the connections between nodes are secured with the SSL / TLS support built into ActiveMQ. Thanks to the microservice-based architecture, the solution scales from a stand-alone appliance to a distributed multi-cloud configuration.
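As an added illustration of the broker-side TLS setup described above (example configuration written for this page, not a file from the Alertflex project), the following Apache ActiveMQ 5.x activemq.xml fragment contrasts a plaintext listener with a TLS-only listener that requires client certificates. The broker name, key/trust store paths and passwords, port number and protocol list are placeholders; consult the Alertflex documentation for the values the Collector and Controller actually expect.

```xml
<!-- Added example, not the Alertflex project's own configuration: an Apache ActiveMQ 5.x
     (Classic) broker fragment showing the TLS setup the Collector-to-Controller link
     relies on. Paths, passwords, broker name and port are placeholders (assumptions). -->
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="alertflex-central">

  <!-- The keystore holds the broker's own certificate and private key; the truststore
       holds the CA that signed the collectors' client certificates. -->
  <sslContext>
    <sslContext keyStore="file:${activemq.conf}/broker.ks"
                keyStorePassword="changeit"
                trustStore="file:${activemq.conf}/broker.ts"
                trustStorePassword="changeit"/>
  </sslContext>

  <transportConnectors>
    <!-- Weak: a plaintext OpenWire listener reachable from the cloud node. Anyone on the
         path can read or inject alerts. Leave it out, or bind it to 127.0.0.1, in production. -->
    <!-- <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/> -->

    <!-- Hardened: TLS only. needClientAuth=true makes the broker demand a client
         certificate, so only collectors holding a key signed by the trusted CA can
         connect; restricting enabledProtocols avoids legacy TLS negotiation. -->
    <transportConnector name="ssl"
        uri="ssl://0.0.0.0:61617?needClientAuth=true&amp;transport.enabledProtocols=TLSv1.2,TLSv1.3&amp;maximumConnections=1000"/>
  </transportConnectors>
</broker>
```

With needClientAuth=true each Collector needs its own certificate issued by the CA in the broker's truststore, so a compromised cloud node can be cut off by revoking or removing its certificate instead of rotating a shared password. The Collector, for its part, must verify the broker's certificate against the same CA and the broker's host name, otherwise the TLS link protects only against passive eavesdropping, not against an impostor broker.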

DEMO

Several screenshots of the Alertflex web console:

A short video clip demonstrating Alertflex functionality:

DOWNLOAD

To download the open source Collector (Altprobe) and Controller, visit our page on GitHub.

The Alertflex Controller GitHub repository also includes the Alertflex web management console. Because the console uses commercial third-party UI web libraries, it is available only in binary form. The Apache license of the Alertflex Controller does not cover the console; if you plan to use the web console, you must accept its EULA (see the documentation).

The Alertflex worker is under testing and will be available later.

If you have a question or need technical support, please send an email to info@alertflex.org

INTEGRATIONS

Wazuh EDR/HIDS
ModSecurity WAF
Suricata NIDS
MISP CTI
TheHive project
Cuckoo Sandbox
OWASP ZAP scanner
Nmap scanner
Graylog
VirusTotal
FIR
Falcon Sandbox
Metricbeat
Slack IM
Twilio SMS
SSH client
SFTP client