Data Ingestion

Many customers leverage aggregation and storage mechanisms such as Splunk and Elastic to index and collect data, which can then be easily shipped to AE for scoring. The engine also supports ingest directly from network sensors and cloud infrastructure.

AlphaSOC maintains a software package called Network Flight Recorder (NFR) that can be deployed on a physical appliance, virtual machine, or run locally as a lightweight agent. NFR can operate as a sniffer to monitor packets in real-time, or parse network events from storage.

The table below describes the supported data sources and the mechanism by which each can be sent to AE for processing. For example, users can submit logs directly to AE from an Elastic environment using LogStash or Packetbeat, or use AlphaSOC NFR to monitor Zeek or Suricata log files on disk and ship those to AE for scoring. AE can also retrieve events from Amazon S3.

SourceTelemetry TypeIngestion Options
AWS VPC FlowAmazon S3
Azure NSG FlowAzure Blob Storage
CorelightSFTP or Amazon S3 or AlphaSOC NFR
ElasticsearchAlphaSOC NFR
GCP VPC Flow LogsGoogle Cloud Stoage
SnowflakeShared Data Table
SplunkNetwork Behavior Analytics for Splunk
SuricataAlphaSOC NFR
Zeek / BroAlphaSOC NFR