Data Pre-Processor for Elasticsearch and Splunk

Are you using Elasticsearch as a security logging platform?

Security information and event management (SIEM) systems collect and store security events, mainly logs, in a centralized platform. Once the events are aggregated, central analysis, reporting and attack detection can be conducted. However, because these products are usually aimed at large organizations with ample staffing and resources, they are complex to set up and expensive to maintain. Elasticsearch has recently emerged as an alternative to a traditional SIEM for log collection and storage; as an open source system, it suits organizations of any size.

With Starlight for SIEM, you can get more visibility and utility out of logging and SIEM investments such as Elasticsearch or Splunk. AellaFlow’s high performance metadata extraction enriches data with additional context from a wide variety of sources while dramatically reducing data volume. Deploy Aella in front of your SIEM infrastructure as a pre-processor and enricher to improve the quality of your data and conserve your SIEM resources.

Features:

  • Distributed, intelligent Aella agents capture server processes, command executions, application logs, network traffic, and user information

  • Extract network traffic metadata up to Layer 7 for over 3,000 applications

  • Local data correlation

  • Starlight Big Data Processor can enrich data further with threat intelligence, geo-location, user name and domain name, among others

  • Real-time breach detection conducted by both agents and the Big Data Processor

  • Transport pre-processed, enriched data to Elasticsearch as lightweight JSON

  • Centralized management and control

  • Rapid deployment of agents
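The three steps the features above describe (strip bulky payload fields down to metadata, enrich with threat intelligence, geo-location, user and domain context, then ship the result as JSON to Elasticsearch) can be sketched in a few dozen lines. The following is an added illustration, not Aella/Starlight code: the threat-intel table, the GeoIP prefixes, the field names (`dst_ip`, `http_host`, `dns_query`, `threat_tag`, `dst_geo`) and the sample events are all constructed for the example, and the output is the NDJSON body that the Elasticsearch `_bulk` API accepts.

```python
"""Illustrative SIEM pre-processor: extract metadata, enrich, emit Elasticsearch bulk JSON.

Added example, not Aella/Starlight code. Every table, field name and event
below is constructed for the illustration.
"""
import ipaddress
import json

# Constructed threat-intel indicators (IP -> tag); a real deployment loads a feed.
THREAT_INTEL = {
    "203.0.113.10": "known-c2",
    "198.51.100.77": "scanner",
}

# Constructed GeoIP table keyed by prefix (TEST-NET ranges, not real geolocation data).
GEO_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "XX",
    ipaddress.ip_network("198.51.100.0/24"): "YY",
}

# RFC 1918 ranges treated as internal. ipaddress.is_private also flags the TEST-NET
# ranges used above, so the internal check is made explicit here.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Bulky fields dropped before shipping: they dominate volume and rarely help detection.
DROP_FIELDS = ("payload", "raw_headers")


def extract_metadata(raw):
    """Keep connection/application metadata, discard payload-sized fields."""
    return {k: v for k, v in raw.items() if k not in DROP_FIELDS}


def geo_lookup(ip):
    """Prefix lookup against the constructed table; 'internal' for RFC 1918, None if unknown."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL_NETS):
        return "internal"
    for net, country in GEO_TABLE.items():
        if addr in net:
            return country
    return None


def registered_domain(name):
    """Naive registrable-domain extraction (last two labels). A public-suffix list
    would be needed to handle ccTLD forms such as example.co.uk correctly."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name


def enrich(event):
    """Add threat-intel tag, destination geo and domain context to a metadata event."""
    out = dict(event)
    dst = event.get("dst_ip")
    if dst in THREAT_INTEL:
        out["threat_tag"] = THREAT_INTEL[dst]
    out["dst_geo"] = geo_lookup(dst) if dst else None
    host = event.get("http_host") or event.get("dns_query")
    if host:
        out["domain"] = registered_domain(host)
    return out


def to_bulk(docs, index):
    """Serialise documents as Elasticsearch _bulk NDJSON (action line, then document line)."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc, separators=(",", ":")))
    return "\n".join(lines) + "\n"


def process(raw_events, index="security-events"):
    """Run the pipeline and report the volume reduction."""
    docs = [enrich(extract_metadata(e)) for e in raw_events]
    body = to_bulk(docs, index)
    return {
        "docs": docs,
        "bulk": body,
        "bytes_in": sum(len(json.dumps(e)) for e in raw_events),
        "bytes_out": len(body),
    }


# Constructed sample events: an HTTPS beacon to a listed C2 address, and a benign DNS query.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T00:00:00Z", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.10",
     "dst_port": 443, "app": "http", "user": "alice", "http_host": "cdn.example.com",
     "raw_headers": "GET /beacon HTTP/1.1\r\nHost: cdn.example.com\r\n",
     "payload": "A" * 2000},
    {"ts": "2024-01-01T00:00:05Z", "src_ip": "10.0.0.7", "dst_ip": "192.0.2.8",
     "dst_port": 53, "app": "dns", "user": "bob", "dns_query": "intranet.corp.example",
     "payload": "B" * 300},
]

if __name__ == "__main__":
    result = process(SAMPLE_EVENTS)
    print(result["bulk"])
    print(f"{result['bytes_in']} bytes in, {result['bytes_out']} bytes out")
```

Running the script prints the bulk body ready to POST to `/_bulk` and the byte counts before and after pre-processing; on the constructed events the reduction comes almost entirely from dropping the payload fields, which is the same trade-off the feature list describes: keep the Layer 7 metadata needed for detection, discard the bytes the SIEM would otherwise have to index.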