Overview
AlphaSOC ingests and analyzes structured telemetry from diverse sources across your digital landscape. This process involves normalizing logs into a unified schema and enriching them before analysis. To collect this data effectively, AlphaSOC supports various standardized formats and transport methods, ensuring seamless integration with your existing infrastructure.
Supported Formats
AlphaSOC processes telemetry in multiple standardized formats to accommodate various network environments and data sources. The following file formats are officially supported for data ingestion and analysis:
- CSV
- dnstap
- JSON
- TSV
- Parquet
Supported Transports
AlphaSOC supports various methods for transporting telemetry data into the platform. Choose the transport method that best suits your environment and data sources:
- Amazon S3: Submit data stored in an S3 bucket.
- Azure Blob Storage: Submit data stored in an Azure Storage account.
- Cribl: Send logs via Cribl Stream using a custom S3 destination.
- CoreDNS: Forward DNS query and response data captured via CoreDNS.
- Google Cloud Storage: Submit data stored in Google Cloud Storage (GCS).
- HTTPS: Use the secure AlphaSOC REST API for data submission.
- S3 Protocol: Upload data securely to the AlphaSOC S3 endpoint, suitable for sources like Corelight.
- SFTP: Upload data securely to the AlphaSOC SFTP endpoint using SSH key authentication.
- Snowflake: Allow AlphaSOC to pull telemetry data directly from shared Snowflake database tables.
- Splunk: Use the "Network Behavior Analytics for Splunk" app to process and submit network telemetry.
Custom Requirements
If your telemetry is in an unsupported format, or you prefer a transport other than those currently supported, please contact support@alphasoc.com for assistance.