Alertflex is a security monitoring project designed for use in hybrid clouds (traditional and cloud-based IT infrastructure). By monitoring security events from open source Host IDS, Network IDS and Web Application Firewall sensors in real time, Alertflex helps detect network intrusions and malware across the whole network, from the perimeter to the endpoints.
Alertflex can work as a stand-alone system or as part of a unified security solution. It provides alert management, orchestration and automation for well-known open source security applications and implements SecOps functionality:
Alertflex implements a modern security event management pipeline built on five levels: Collection, Streaming, Analysis, Storage and Access. To work in the distributed environment of hybrid clouds, the solution is made up of separate software components: Collector, Controller and Web Management Console. The Collector (Altprobe) is located in the network domain where the security sensors are installed (Host IDS, File Integrity Monitor, Network IDS, Web Application Firewall). Together with the security sensors, the Collector logically forms a cloud or on-premises node.

The Alertflex Controller and Web Console make up the central node, which may be geographically located in the cloud it controls, in a remote office, or on the provider's cloud / MSSP side. Messages between the cloud node and the central node are exchanged through the ActiveMQ message broker, and the security of the connections between nodes relies on the SSL / TLS support built into ActiveMQ. Thanks to its microservice-based architecture, the solution scales easily from a stand-alone appliance configuration to a distributed configuration for multi-clouds.
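As an added illustration of the broker-side TLS setup described above (this is not Alertflex's or Altprobe's own configuration), the following ActiveMQ 5.x `activemq.xml` fragment shows the plaintext OpenWire connector that should be removed beside a TLS connector that also requires client certificates, so that only a Collector holding a key signed by the trust store can connect. The broker name, keystore file names, port and passwords are placeholders chosen for the example.

```xml
<!-- Example activemq.xml fragment (added example, not the project's own config) -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://activemq.apache.org/schema/core
                           http://activemq.apache.org/schema/core/activemq-core.xsd">

  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="central-node-broker">

    <!-- Broker identity (keyStore) and the CA that signed the Collector certificates (trustStore).
         Placeholder file names and passwords; keep the real secrets out of version control. -->
    <sslContext>
      <sslContext keyStore="file:${activemq.conf}/broker.ks"
                  keyStorePassword="CHANGE_ME"
                  trustStore="file:${activemq.conf}/broker.ts"
                  trustStorePassword="CHANGE_ME"/>
    </sslContext>

    <transportConnectors>
      <!-- Weak setting: the stock plaintext connector carries alerts in the clear across the
           link between the cloud node and the central node. Remove it or bind it to localhost. -->
      <!-- <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/> -->

      <!-- Hardened setting: TLS only, mutual authentication, modern protocol versions.
           needClientAuth=true rejects any Collector that cannot present a trusted certificate. -->
      <transportConnector name="ssl"
          uri="ssl://0.0.0.0:61617?needClientAuth=true&amp;transport.enabledProtocols=TLSv1.2,TLSv1.3"/>
    </transportConnectors>

  </broker>
</beans>
```

After restarting the broker, a quick check is that a plain `tcp://` connection to port 61617 fails the handshake while a client presenting a certificate from `broker.ts` connects; the broker log records rejected handshakes, which is a useful detection signal for unauthorised sensors.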