Alert Escalation


Once AE has processed raw network telemetry, it generates refined alerts that can be consumed by different downstream processes (e.g. SIEM, SOAR, ChatOps, and ticketing systems).

The AlphaSOC Network Flight Recorder (NFR) utility can be deployed on a physical appliance or virtual machine, or run locally as a lightweight agent. NFR can be configured to pull alerts from AE and forward them over Syslog in CEF or JSON format.
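Whatever consumes the Syslog stream (a SIEM parser, a SOAR ingest hook, a ChatOps bot) has to split the CEF header and extension correctly, including the backslash escapes for `|`, `=` and `\` that CEF requires, or a crafted value can shift fields. The parser below is an added example, not AlphaSOC's or NFR's code: it handles both message bodies named above (a CEF record or a JSON object after an RFC 5424 syslog header), resolves the escapes per section, and normalises severity. The vendor, product, rule id and field names in the sample messages are constructed placeholders, not AE's real schema, and the `severity` key looked up in the JSON body is an assumption.

```python
"""Parse alerts forwarded over syslog as CEF or JSON and extract severity.

Added example for this page, not AlphaSOC code. It assumes one alert per
syslog message with either a CEF record or a JSON object as the body. The
vendor, product, rule id and field names in the constructed sample lines
are placeholders, not AE's schema.
"""
import json
import re

# An extension key is a bare token at the start of the extension or after
# whitespace, immediately followed by '='. A '\=' inside a value cannot
# match because '\' is not a key character.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")

# CEF permits textual severities; map each to the top of its numeric range.
_CEF_SEVERITY_WORDS = {"low": 3, "medium": 6, "high": 8, "very-high": 10}


def _split_unescaped(text, sep, maxsplit):
    """Split on `sep` where it is not preceded by a backslash, at most
    `maxsplit` times; escapes are left in place for per-section unescaping."""
    fields, start, i = [], 0, 0
    while i < len(text) and len(fields) < maxsplit:
        if text[i] == "\\":      # skip the escaped character
            i += 2
            continue
        if text[i] == sep:
            fields.append(text[start:i])
            start = i + 1
        i += 1
    fields.append(text[start:])
    return fields


def _unescape_header(value):
    # Header fields escape only '|' and '\'.
    return re.sub(r"\\([|\\])", r"\1", value)


def _unescape_extension(value):
    # Extension values escape '=', '\', and newlines as \n / \r.
    return re.sub(r"\\([=\\nr])",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)


def _parse_extension(text):
    fields, matches = {}, list(_EXT_KEY.finditer(text))
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(text)
        fields[m.group(1)] = _unescape_extension(text[m.end():end]).rstrip()
    return fields


def parse_cef(record):
    """Parse 'CEF:Version|Vendor|Product|DevVersion|ClassID|Name|Severity|ext'.
    Anything before 'CEF:' (the syslog header) is ignored."""
    idx = record.find("CEF:")
    if idx < 0:
        raise ValueError("not a CEF record")
    parts = _split_unescaped(record[idx + 4:], "|", 7)
    if len(parts) < 7:
        raise ValueError("CEF header needs 7 pipe-separated fields")
    names = ("version", "vendor", "product", "device_version",
             "event_class_id", "name", "severity")
    header = {k: _unescape_header(v) for k, v in zip(names, parts)}
    extension = _parse_extension(parts[7]) if len(parts) > 7 else {}
    return {"format": "cef", "header": header, "fields": extension}


def parse_json(record):
    """Parse a JSON-object body; the syslog header before '{' is ignored."""
    idx = record.find("{")
    if idx < 0:
        raise ValueError("no JSON object in record")
    body = json.loads(record[idx:])
    if not isinstance(body, dict):
        raise ValueError("JSON body is not an object")
    return {"format": "json", "header": {}, "fields": body}


def parse_alert(record):
    """Dispatch on the body format; raises ValueError on anything else."""
    if "CEF:" in record:
        return parse_cef(record)
    if "{" in record:
        return parse_json(record)
    raise ValueError("unrecognised alert record")


def severity_of(alert):
    """Numeric severity 0-10 or None. For JSON the key name 'severity' is an
    assumption about the payload, not a documented AE field."""
    source = alert["header"] if alert["format"] == "cef" else alert["fields"]
    raw = source.get("severity")
    if raw is None:
        return None
    if isinstance(raw, int):
        return raw
    text = str(raw).strip().lower()
    return int(text) if text.isdigit() else _CEF_SEVERITY_WORDS.get(text)


# Constructed sample messages (RFC 5424 syslog header, placeholder content).
SAMPLE_CEF = (
    "<14>1 2024-01-01T00:00:00Z nfr-host forwarder - - - "
    "CEF:0|ExampleVendor|ExampleProduct|1.0|example-rule|Name with \\| pipe|7|"
    "src=10.0.0.5 dst=203.0.113.9 dpt=443 msg=equals \\= and backslash \\\\ kept"
)
SAMPLE_JSON = (
    "<14>1 2024-01-01T00:00:00Z nfr-host forwarder - - - "
    '{"event_type": "example", "src_ip": "10.0.0.5", "severity": 3}'
)

if __name__ == "__main__":
    for line in (SAMPLE_CEF, SAMPLE_JSON):
        alert = parse_alert(line)
        print(alert["format"], severity_of(alert), alert["fields"])
```

The header is split on at most seven unescaped pipes so that an unescaped `|` inside the extension cannot create phantom header fields, and each section is unescaped with its own rule set, which is the detail most hand-rolled CEF parsers get wrong.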

The table below lists the supported destinations and the mechanism by which alerts are retrieved from AE and escalated to each. For example, users can send AE alerts to a SIEM or SOAR platform using NFR, or can use our Splunk app to render the output directly in Splunk.

Destination         Escalation option
Splunk              Network Behavior Analytics for Splunk (the AlphaSOC Splunk app)
Graylog2            AlphaSOC NFR
Cortex XSOAR        AlphaSOC NFR
SIEM platforms      AlphaSOC NFR
SOAR platforms      AlphaSOC NFR

Alert formats available across these destinations: JSON, CEF, and GELF.