Once AE has processed raw network telemetry, it generates refined alerts that can be consumed by different downstream processes (e.g. SIEM, SOAR, ChatOps, and ticketing systems).
The AlphaSOC Network Flight Recorder (NFR) utility can be deployed on a physical appliance, virtual machine, or run locally as a lightweight agent. NFR can be configured to pull alerts from AE and send them over Syslog in CEF or JSON format.
The table below describes the supported destinations and the mechanism by which alerts can be retrieved from AE and escalated to each. For example, users can send AE alerts to a SIEM or SOAR platform using NFR, or can use our Splunk app to render output.
|Destination|Format|Escalation Options|Plug & Play|
|---|---|---|---|
|Splunk|✓|Network Behavior Analytics for Splunk|✓|
|Cortex XSOAR|✓|AlphaSOC NFR|✓|
|SIEM platforms|✓ ✓|AlphaSOC NFR| |
|SOAR platforms|✓ ✓|AlphaSOC NFR| |
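
On the receiving side, a SIEM or SOAR pipeline has to accept both of the formats NFR can emit over Syslog. The following is an added example, not AlphaSOC code: a receiver-side normalizer that parses a CEF or JSON syslog line into a dict and handles the CEF escaping rules. The sample lines, vendor and product strings, and field names are constructed for illustration and are not NFR's actual field mapping.

```python
import json
import re

HEADER_FIELDS = ("cef_version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")  # key, then an unescaped '='
_EXT_ESCAPES = {"n": "\n", "r": "\r"}

def _split_header(body):
    # Split the 7 header fields on '|', honouring the \| and \\ escapes.
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            i += 1  # escaped character: keep it literally
            cur.append(body[i])
        elif body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    return fields, body[i:]  # the remainder is the key=value extension

def _parse_extension(ext):
    # A value runs up to the next " key="; \= \\ \n \r are unescaped.
    out, keys = {}, list(_EXT_KEY.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = re.sub(
            r"\\(.)", lambda e: _EXT_ESCAPES.get(e.group(1), e.group(1)), raw)
    return out

def parse_alert(line):
    """Normalize one syslog line carrying a CEF or JSON alert into a dict."""
    cef_at, json_at = line.find("CEF:"), line.find("{")
    if cef_at != -1 and (json_at == -1 or cef_at < json_at):
        fields, ext = _split_header(line[cef_at + 4:])
        alert = dict(zip(HEADER_FIELDS, fields), format="cef")
        alert["extension"] = _parse_extension(ext)
        return alert
    if json_at != -1:
        return {"format": "json", "event": json.loads(line[json_at:])}
    raise ValueError("no CEF or JSON payload found")

# Constructed sample lines (not real NFR output; field names are illustrative).
SAMPLE_CEF = (r"<134>Jan 10 12:00:00 collector nfr: CEF:0|ExampleVendor|ExampleProduct|1.0"
              r"|dns_suspicious|Suspicious \| DNS lookup|7|src=10.0.0.5 msg=query a\=b seen dhost=bad.example")
SAMPLE_JSON = '<134>Jan 10 12:00:00 collector nfr: {"severity": 4, "dest": "bad.example"}'
```

Rejecting truncated headers with an exception, instead of returning a partial dict, keeps malformed or cut-off alerts from being silently indexed with shifted fields.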