NSM solution

Alertflex project is a continuous security monitoring solution designed for use in Hybrid Clouds (on-premises and cloud-based IT infrastructure). By monitoring events and information derived from well-known open source security applications near real-time, Alertflex helps to detect cyber intrusions or vulnerabilities, give companies end-to-end security visibility. Alertflex allows introducing DevSecOps, OWASP and SOAR best practices.

Alerts filtering, prioritization and visualization

Detection intrusions and vulnerabilities, Threat Hunting

Integrated analysis network, containers and hosts

Incident response

Services orchestration

Tasks automation

Solution components:

The Alertflex implements a modern security event management technology based on five levels: Collection, Streaming, Analysis, Storage, Access. For working in a distributed environment of Hybrid Clouds, the solution consists of separate software components Collector, Controller, Web Management Console, Worker. Collector (Altprobe) is located in the network domain where security sensors are installed (Container Runtime Security, Host IDS, File Integrity Monitor, Network IDS, Web Application Firewall). Together with security sensors, Collector logically forms a cloud or on-premises node. Alertflex Controller, Web Console and Workers make up the central node. The central node may geographically be located in itself the IT infrastructure monitored by the central node or in a remote office, on the public/private cloud side. To exchange messages between the cloud/on-premises node and the central node, the ActiveMQ or AmazonMQ message broker is used. The security of connections between nodes is implemented on the basis of support for SSL / TLS protocols built into ActiveMQ. Through the use of microservices based architecture, the solution can be easily scaled from the stand-alone appliance configuration to the distributed configuration for multi-clouds.

Below, several screenshots of Alertflex web console.