Alert Escalation

Once AE has processed raw network telemetry, it generates refined alerts that can be consumed by different downstream processes (e.g. SIEM, SOAR, ChatOps, and ticketing systems).

The AlphaSOC Network Flight Recorder (NFR) utility can be deployed on a physical appliance or virtual machine, or run locally as a lightweight agent. NFR can be configured to pull alerts from AE and forward them over Syslog in CEF or JSON format.
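To make the two Syslog formats concrete, the following added example (not AlphaSOC code) shows how a downstream collector can normalise an NFR-style Syslog line in either CEF or JSON form into one record before handing it to a SIEM or SOAR. The CEF header layout and escaping rules follow the public CEF specification; the JSON key names, the severity word mapping, the routing threshold and every sample line are constructed for illustration and are not the real NFR schema or defaults.

```python
"""Normalise CEF and JSON alert lines as received over Syslog.

Added example, not AlphaSOC code. CEF header and escape handling follow the
public CEF spec; the JSON key names and sample lines are constructed.
"""
import json
import re
from typing import Any, Dict, List

# Constructed sample lines (RFC 3164-style syslog prefix + payload).
SAMPLE_CEF = (
    "<134>Jan 10 12:00:01 nfr01 nfr: "
    "CEF:0|ExampleVendor|ExampleNFR|1.0|c2_beacon|Possible C2 beaconing|8|"
    "src=10.0.0.5 dst=203.0.113.7 dpt=443 msg=Beacon interval\\=60s"
)
SAMPLE_JSON = (
    "<134>Jan 10 12:00:02 nfr01 nfr: "
    '{"event": "c2_beacon", "name": "Possible C2 beaconing", "severity": 8, '
    '"src_ip": "10.0.0.5", "dest_ip": "203.0.113.7", "dest_port": 443}'
)

_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")   # a key starts a new extension pair
_ESCAPE = re.compile(r"\\(.)")                          # CEF extension escapes: \= \\ \n \r
_SEVERITY_WORDS = {"low": 2, "medium": 5, "high": 8, "very-high": 10}  # assumed mapping


def strip_syslog_prefix(line: str) -> str:
    """Return the payload (CEF header or JSON object) that follows the syslog prefix."""
    starts = [i for i in (line.find("CEF:"), line.find("{")) if i != -1]
    if not starts:
        raise ValueError("no CEF or JSON payload found")
    return line[min(starts):]


def _split_header(text: str) -> List[str]:
    """Split on unescaped '|' into the 7 CEF header fields plus the raw extension."""
    parts: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(text):
        if len(parts) == 7:                 # everything after the 7th pipe is the extension
            parts.append(text[i:])
            return parts
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):   # \| and \\ inside header fields
            buf.append(text[i + 1])
            i += 2
        elif ch == "|":
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    parts.append("".join(buf))
    return parts


def parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'key=value key2=value'; values may contain spaces and \\= escapes."""
    fields: Dict[str, str] = {}
    keys = list(_EXT_KEY.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        raw = ext[m.end():end]
        fields[m.group(1)] = _ESCAPE.sub(
            lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)), raw).strip()
    return fields


def _severity_to_int(value: Any) -> int:
    """CEF severity is 0-10 or Low/Medium/High/Very-High; clamp to 0-10."""
    text = str(value).strip().lower()
    if text in _SEVERITY_WORDS:
        return _SEVERITY_WORDS[text]
    return max(0, min(10, int(text)))


def parse_cef(payload: str) -> Dict[str, Any]:
    parts = _split_header(payload)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("malformed CEF header")
    _version, vendor, product, _dev_version, event_id, name, severity, ext = parts
    return {"format": "cef", "vendor": vendor, "product": product, "event_id": event_id,
            "name": name, "severity": _severity_to_int(severity),
            "fields": parse_extension(ext)}


def parse_json(payload: str) -> Dict[str, Any]:
    obj = json.loads(payload)
    # Key names here are assumptions for this example, not the real NFR schema.
    return {"format": "json", "vendor": obj.get("vendor", ""), "product": obj.get("product", ""),
            "event_id": str(obj.get("event", "")),
            "name": str(obj.get("name", obj.get("event", ""))),
            "severity": _severity_to_int(obj.get("severity", 0)), "fields": obj}


def parse_alert(line: str) -> Dict[str, Any]:
    """Dispatch on payload type; anything unrecognised raises ValueError."""
    payload = strip_syslog_prefix(line)
    return parse_cef(payload) if payload.startswith("CEF:") else parse_json(payload)


def escalation_target(alert: Dict[str, Any], soar_threshold: int = 7) -> str:
    """Example routing policy (an assumption): high severity to SOAR, the rest to the SIEM."""
    return "soar" if alert["severity"] >= soar_threshold else "siem"


if __name__ == "__main__":
    for line in (SAMPLE_CEF, SAMPLE_JSON):
        alert = parse_alert(line)
        print(alert["format"], alert["event_id"], alert["severity"], escalation_target(alert))
```

Both sample lines normalise to the same event identifier and severity, so the routing decision does not depend on which output format NFR was configured with; the CEF branch additionally undoes the `\=` and `\|` escapes that a naive `split("=")` would mishandle.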

The table below lists the supported destinations and the mechanism by which alerts can be retrieved from AE and escalated to each. For example, users can send AE alerts to a SIEM or SOAR platform using NFR, or use our Splunk app to render the output.

Alert formats: JSON, CEF, GELF, Custom

| Destination | Escalation Options |
|---|---|
| Elasticsearch | AlphaSOC Beat |
| Splunk | Network Behavior Analytics for Splunk |
| Graylog | AlphaSOC NFR + Network Behavior Analytics for Graylog |
| Cortex XSOAR | AlphaSOC NFR |
| Google Cloud Storage | Coming soon |
| Snowflake | Coming soon |
| SIEM platforms | AlphaSOC NFR |
| SOAR platforms | AlphaSOC NFR |