The Alertflex project is a continuous security monitoring solution designed for use in Hybrid Clouds (on-premises and cloud-based IT infrastructure). By monitoring events in near real-time from well-known open-source security applications, Alertflex gives companies end-to-end security visibility. Additionally, Alertflex implements a SOAR technology stack that makes it possible to introduce CTI, OWASP and DevSecOps best practices.
Alertflex implements a modern security event management technology based on five levels: Collection, Streaming, Analysis, Storage, Access. To work in the distributed environment of Hybrid Clouds, the solution consists of separate software components: Collector, Controller, Web Management Console, Worker. The Collector (Altprobe) is located in the network domain where the security sensors are installed (Container Runtime Security, Host IDS, File Integrity Monitor, Network IDS, Web Application Firewall). Together with the security sensors, the Collector logically forms a collector node. The Alertflex Controller, Web Console, and Workers make up the central node. The central node can be located either inside or outside the monitored IT infrastructure. Messages between the collector node and the central node are exchanged through the ActiveMQ message broker. Connections between nodes are secured using the SSL/TLS support built into ActiveMQ. The solution can be easily scaled from a stand-alone appliance configuration to a distributed configuration for multi-clouds.
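The paragraph above states that the collector-to-central-node link relies on the SSL/TLS support built into ActiveMQ. The fragment below is an added illustration of what such a broker-side setting looks like; it is not configuration taken from the Alertflex project. The keystore/truststore file names, passwords, the port number 61617 and the connector name are assumptions chosen for the example. The `sslContext` element and the `ssl://` transport connector with the `transport.needClientAuth` option are standard ActiveMQ configuration; requiring a client certificate means a collector node must present a key the central node trusts before it can publish events, rather than relying on the broker address alone.

```xml
<!-- Added example, not the project's own activemq.xml.
     Paths, passwords and port are placeholders (assumptions). -->
<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="central-node">

    <!-- Key material used by the broker for TLS:
         keyStore   = the broker's own certificate and private key
         trustStore = CA certificate(s) used to verify collector nodes -->
    <sslContext>
      <sslContext
        keyStore="file:${activemq.conf}/broker.ks"
        keyStorePassword="CHANGE_ME_KEYSTORE_PASSWORD"
        trustStore="file:${activemq.conf}/broker.ts"
        trustStorePassword="CHANGE_ME_TRUSTSTORE_PASSWORD"/>
    </sslContext>

    <transportConnectors>
      <!-- Only a TLS listener is exposed to collector nodes.
           transport.needClientAuth=true enforces mutual TLS, so a
           collector must present a certificate signed by a CA in the
           trust store before the broker accepts its messages. -->
      <transportConnector
        name="ssl"
        uri="ssl://0.0.0.0:61617?transport.needClientAuth=true"/>
    </transportConnectors>

  </broker>
</beans>
```

When reviewing a deployment, the points to check against this fragment are that no plaintext `tcp://` connector remains reachable from the collector network, that the trust store contains only the CA used to issue collector certificates, and that the keystore passwords are supplied from the deployment's secret store rather than committed with the file.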
If you have a question, need tech support or want to request a new feature, send an email to: email@example.com
To download the free and open-source components of the project, visit our page on GitHub.
Check out the proposals