Open Source Security Automation and Monitoring Solution
Alertflex project is automation, continuous monitoring, threat detection and response solution. Alertflex designed for use in Hybrid IT infrastructure (on-premises and cloud-based) and can monitor different types of platforms - Windows, Linux, Docker, Kubernetes, Amazon AWS.
The solution works as a Security Event Manager with SOAR functionality for a distributed grid of security sensors and scanners. At this moment Alertflex provides an orchestrator and a single pane of glass for more than 30 products. Integrated products are mostly free open-source software in the areas of Intrusion Detection and DevSecOps, which can be unified by Alertflex into one or several projects.
One of the advantages of Alertflex is cyber threat intelligence for security events and NetFlow in a mode close to real-time. The response to detected threats can be a running Playbook with predefined security operations. Integration Alertflex with the OpenDistro Anomaly Detection feature (Random Cut Forest AI algorithm) makes it possible to configure automated response not only for discrete events but for an anomaly rate of events as well.
Alert triage - filtering, prioritization, validation
Integrated analysis for containers, endpoints, network
Reports about threats, misconfigurations, vulnerabilities
Security operations automation and response
The screenshots show the web interface of Alertflex Management console. Additionaly, there is present a screenshot of web interface Malware Information Sharing Platform. MISP is tightly integrated with Alertflex via MySQL and can be installed from a Docker image as a part of solution. To see more screenshots, please, scroll the image by arrows.
Have a question or need tech support, please send an email to our contact address info@alertflex.org
and join the Alertflex community via Discord server
COMMUNITY EDITION
Alerts filtering, prioritization and visualization
Reports about threats, misconfigurations, vulnerabilities
Security operations automation and response
Central node configuration is bare-metal server or virtual machine
One project, single tenant
Community support
PROFESSIONAL EDITION
Alerts filtering, prioritization and visualization
Reports about threats, misconfigurations, vulnerabilities
Security operations automation and response
Central node configuration is scalable microservice architecture
Multiple projects, multi-tenancy
Tech support, custom integration, consulting
Wazuh EDR / HIDS
Suricata NIDS
Falco CRS
ModSecurity WAF
AWS WAF
AWS Network Firewall
Amazon GuardDuty
Amazon Inspector
AWS Lambda
Kube-bench
Kube-hunter
Trivy
Docker-bench
Dependency-check
SonarQube
OWASP ZAP
Nmap
Nikto
VirusTotal
MISP
IBM X-Force
Cuckoo Sandbox
Falcon Sandbox
VMRay Sandbox
Open Distro
GrayLog
TheHive
OpenDXL, STIX-Shifter
MITRE ATT&CK
JIRA
Ansible
Automation SSH/SFTP
Groovy Scripts
Twilio SMS
SendGrid Email
