Open Source Security Automation and Monitoring Solution

The Alertflex project is an automation, continuous monitoring, threat detection and response solution. Alertflex is designed for use in hybrid IT infrastructure (on-premises and cloud-based) and can monitor different types of platforms: Windows, Linux, Docker, Kubernetes and Amazon AWS.

The solution works as a Security Event Manager with SOAR functionality for a distributed grid of security sensors and scanners. At the moment, Alertflex provides an orchestrator and a single pane of glass for more than 30 products. The integrated products are mostly free open-source software in the areas of Intrusion Detection and DevSecOps, which Alertflex can unify into one or several projects.

One of the advantages of Alertflex is cyber threat intelligence for security events and NetFlow in a mode close to real time. The response to a detected threat can be the execution of a Playbook with predefined security operations. Integration of Alertflex with the OpenDistro Anomaly Detection feature (Random Cut Forest AI algorithm) makes it possible to configure an automated response not only for discrete events but also for an anomalous rate of events.

  • Alert triage: filtering, prioritization, validation

  • Integrated analysis for containers, endpoints and network (Host IDS, Network IDS, Cloud-Native runtime security)

  • Reports about threats, misconfigurations and vulnerabilities (free open-source IDS and vulnerability scanner tools)

  • Security operations automation and response (free open-source SOAR)

The screenshots show the web interface of the Alertflex Management console. Additionally, there is a screenshot of the web interface of the Malware Information Sharing Platform (MISP). MISP is tightly integrated with Alertflex via MySQL and can be installed from a Docker image as a part of the solution. To see more screenshots, please use the arrows to scroll through the images.

If you have a question or need tech support, please send an email to our contact address info@alertflex.org or join the Alertflex community via the Discord server.

COMMUNITY EDITION

  • Alerts filtering, prioritization and visualization

  • Reports about threats, misconfigurations, vulnerabilities

  • Security operations automation and response

  • Central node configuration is bare-metal server or virtual machine

  • One project, single tenant

  • Community support

PROFESSIONAL EDITION

  • Alerts filtering, prioritization and visualization

  • Reports about threats, misconfigurations, vulnerabilities

  • Security operations automation and response

  • Central node configuration is scalable microservice architecture

  • Multiple projects, multi-tenancy

  • Tech support, custom integration, consulting

INTEGRATIONS

  • Wazuh EDR / HIDS

  • Suricata NIDS

  • Falco CRS

  • ModSecurity WAF

  • OWASP ZAP

  • Nmap

  • SonarQube

  • Dependency-Check

  • Docker-bench

  • Kube-bench

  • Kube-hunter

  • Trivy

  • Amazon GuardDuty

  • Amazon Inspector

  • AWS Lambda

  • Automation of SSH tasks

  • Automation of SFTP tasks

  • Groovy

  • VirusTotal

  • MISP

  • MaxMind

  • Cuckoo Sandbox

  • Falcon Sandbox

  • VMRay Sandbox

  • Elastic Stack (OpenDistro)

  • Prometheus

  • TheHive

  • OpenDXL, STIX-Shifter

  • MITRE ATT&CK

  • JIRA

  • Twilio SMS

  • SendGrid Email

  • Slack