Documentation Home


The AlphaSOC Analytics Engine (AE) performs fast multi-dimensional processing of network telemetry to identify anomalies and highlight compromised hosts. AE is commonly consumed as a multi-tenant cloud service, but can also be run locally on-premise. AlphaSOC users send raw network telemetry to AE, which processes the data to generate high fidelity alerts.

AE is origin agnostic and can process data from many sources, including:

  • Cloud infrastructure (e.g. VPC flow logs)
  • Network infrastructure (e.g. firewalls, web proxies, and DDI appliances)
  • Network sensors (e.g. Corelight / Zeek, Suricata, and Splunk Stream)
  • Servers (e.g. DNS and Active Directory servers)
  • Endpoints (via agents such as Cisco Umbrella)