The Alertflex project is an automation, continuous monitoring, threat detection and response solution. Alertflex is designed for use in hybrid IT infrastructure (on-premises and cloud-based) and can monitor different types of platforms: Windows, Linux, Docker, Kubernetes and Amazon AWS.
The solution works as a Security Event Manager with SOAR functionality for a distributed grid of security sensors and scanners. At the moment Alertflex provides an orchestrator and a single pane of glass for more than 30 products. The integrated products are mostly free open-source software in the areas of Intrusion Detection and DevSecOps, which Alertflex can unify into one or several projects.
One of the advantages of Alertflex is cyber threat intelligence for security events and NetFlow in near-real-time mode. The response to a detected threat can be to run a Playbook with predefined security operations. Integrating Alertflex with the OpenDistro Anomaly Detection feature (Random Cut Forest AI algorithm) makes it possible to configure an automated response not only to discrete events but also to an anomalous rate of events.
The screenshots show the web interface of the Alertflex Management console. Additionally, there is a screenshot of the web interface of the Malware Information Sharing Platform (MISP). MISP is tightly integrated with Alertflex via MySQL and can be installed from a Docker image as part of the solution.
Alert filtering, prioritization and visualization
Reports about threats, misconfigurations, vulnerabilities
Security operations automation and response
The central node is configured on a bare-metal server or a virtual machine
One project, single tenant