Documentation Home
The AlphaSOC Analytics Engine (AE) performs fast multi-dimensional processing of network telemetry to identify anomalies and highlight compromised hosts. AE is commonly consumed as a multi-tenant cloud service, but can also be run locally on-premises. AlphaSOC users send raw network telemetry to AE, which processes the data to generate high-fidelity alerts.
AE is origin-agnostic and can process data from many sources, including:
- Cloud infrastructure (e.g. VPC flow logs)
- Network infrastructure (e.g. firewalls, web proxies, and DDI appliances)
- Network sensors (e.g. Corelight / Zeek, Suricata, and Splunk Stream)
- Servers (e.g. DNS and Active Directory servers)
- Endpoints (via agents such as Cisco Umbrella)