Alert Escalation
Once AE has processed raw network telemetry, it generates refined alerts that can be consumed by different downstream processes (e.g. SIEM, SOAR, ChatOps, and ticketing systems).
The AlphaSOC Network Flight Recorder (NFR) utility can be deployed on a physical appliance, virtual machine, or run locally as a lightweight agent. NFR can be configured to pull alerts from AE and send them over Syslog in CEF or JSON format.
The table below lists the supported destinations, the alert format each one receives (JSON, CEF, GELF, or a destination-specific custom format), and the mechanism that retrieves alerts from AE and escalates them to that destination. For example, users can send AE alerts to a SIEM or SOAR platform using NFR, or can use our Splunk app to render output.

Destination | JSON | CEF | GELF | Custom | Escalation Options
---|---|---|---|---|---
Elasticsearch | ✓ | | | | AlphaSOC Beat
Splunk | | | | ✓ | Network Behavior Analytics for Splunk
Graylog | | | ✓ | | AlphaSOC NFR + Network Behavior Analytics for Graylog
Cortex XSOAR | ✓ | | | | AlphaSOC NFR
Google Cloud Storage | ✓ | | | | Coming soon
Snowflake | ✓ | | | | Coming soon
SIEM platforms | ✓ | ✓ | | | AlphaSOC NFR
SOAR platforms | ✓ | ✓ | | | AlphaSOC NFR
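A downstream consumer (SIEM, SOAR, or a custom ChatOps bridge) has to parse whatever NFR hands it over Syslog. The example below, added here and not AlphaSOC's own code, shows the part practitioners most often get wrong: parsing a CEF record correctly, including the `\|` escape in the header and the `\=` escape in the extension, and normalizing both a CEF line and a JSON line into one alert shape. The sample lines are constructed to resemble CEF and JSON alert records and are not real AE output; the vendor, product, signature ID, and JSON key names are assumptions.

```python
"""Normalize CEF-over-syslog and JSON alert records into one shape.

Added example, not AlphaSOC code. Sample records below are constructed;
the vendor/product/signature values and JSON keys are assumptions.
"""
import json
import re
from typing import Any, Dict, List, Tuple

# Constructed sample records (not real AE alerts). The CEF line carries an
# RFC 3164-style syslog header, an escaped '=' in cs1 and an escaped '|' in msg.
SAMPLE_CEF = (
    "<134>Jun 10 12:00:00 nfr-host CEF:0|ExampleVendor|ExampleProduct|1.0|"
    "c2_dns|Suspicious DNS query|7|src=10.0.0.5 dpt=53 "
    "cs1=evil.example\\=test cs1Label=query msg=matched rule A\\|B"
)
SAMPLE_JSON = (
    '{"eventType":"c2_dns","name":"Suspicious DNS query","severity":7,'
    '"src":"10.0.0.5","dpt":53,"query":"evil.example=test"}'
)

# A key is a run of [A-Za-z0-9_.] followed by '=' at the start or after whitespace;
# an escaped '\=' inside a value never matches because '\' is not a key character.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _split_header(line: str) -> Tuple[List[str], str]:
    """Split the 7 pipe-delimited CEF header fields, honouring '\\|' and '\\\\'.
    Returns the header fields and the untouched extension string."""
    parts: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(line) and len(parts) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):   # escaped char: take literally
            cur.append(line[i + 1])
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(parts) < 7:
        raise ValueError("malformed CEF header: fewer than 7 fields")
    return parts, line[i:]


def _unescape_ext(value: str) -> str:
    """Undo CEF extension escapes: '\\=', '\\\\', '\\n', '\\r' (and lenient '\\|')."""
    out: List[str] = []
    i = 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append({"n": "\n", "r": "\r"}.get(value[i + 1], value[i + 1]))
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Turn 'k1=v1 k2=v with spaces' into a dict; values may contain spaces."""
    fields: Dict[str, str] = {}
    keys = list(_EXT_KEY.finditer(ext))
    for idx, m in enumerate(keys):
        start = m.end()
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        fields[m.group(1)] = _unescape_ext(ext[start:end].strip())
    return fields


def parse_cef(line: str) -> Dict[str, Any]:
    """Parse a syslog line carrying a CEF record into the common alert shape."""
    pos = line.find("CEF:")
    if pos < 0:
        raise ValueError("no CEF record in line")
    header, ext = _split_header(line[pos:])
    sev: Any = header[6]
    try:
        sev = int(sev)                 # CEF allows 0-10 or Low/Medium/High/Very-High
    except ValueError:
        pass
    return {
        "source_format": "cef",
        "vendor": header[1], "product": header[2], "device_version": header[3],
        "signature_id": header[4], "name": header[5], "severity": sev,
        "fields": _parse_extension(ext),
    }


def parse_json_alert(line: str) -> Dict[str, Any]:
    """Map a JSON alert into the same shape. Key names are assumed for this example."""
    rec = json.loads(line)
    core = {"eventType", "name", "severity"}
    return {
        "source_format": "json",
        "signature_id": rec.get("eventType"), "name": rec.get("name"),
        "severity": rec.get("severity"),
        "fields": {k: v for k, v in rec.items() if k not in core},
    }


if __name__ == "__main__":
    print(parse_cef(SAMPLE_CEF))
    print(parse_json_alert(SAMPLE_JSON))
```

Whichever format you choose in NFR, keep the normalization in one place so that SIEM correlation rules and SOAR playbooks key off the same `signature_id` and `severity` regardless of transport.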