Open Source Security Automation and Monitoring Solution

The Alertflex project is an automation, continuous monitoring, threat detection and response solution. Alertflex is designed for use in hybrid IT infrastructure (on-premises and cloud-based) and can monitor different types of platforms: Windows, Linux, Docker, Kubernetes, Amazon AWS.

The solution works as a Security Event Manager with SOAR functionality for a distributed grid of security sensors and scanners. Currently Alertflex provides an orchestrator and a single pane of glass for more than 30 products. The integrated products are mostly free open-source software in the areas of Intrusion Detection and DevSecOps, which Alertflex can unify into one or several projects.

One of the advantages of Alertflex is cyber threat intelligence for security events and NetFlow in near real time. The response to a detected threat can be a running Playbook with predefined security operations. Integrating Alertflex with the OpenDistro Anomaly Detection feature (Random Cut Forest AI algorithm) makes it possible to configure an automated response not only for discrete events but also for an anomalous rate of events.

  • Alert triage: filtering, prioritization, validation

  • Integrated analysis for containers, endpoints, network (Host IDS, Network IDS, cloud-native runtime security)

  • Reports about threats, misconfigurations, vulnerabilities (free open-source IDS and vulnerability scanner tools)

  • Security operations automation and response (free open-source SOAR)

The screenshots show the web interface of the Alertflex Management console. Additionally, there is a screenshot of the web interface of the Malware Information Sharing Platform (MISP). MISP is tightly integrated with Alertflex via MySQL and can be installed from a Docker image as part of the solution. To see more screenshots, scroll the image with the arrows.

If you have a question or need tech support, please send an email to our contact address and join the Alertflex community via the Discord server.


  • Alerts filtering, prioritization and visualization

  • Reports about threats, misconfigurations, vulnerabilities

  • Security operations automation and response

  • Central node configuration is bare-metal server or virtual machine

  • One project, single tenant

  • Community support


  • Alerts filtering, prioritization and visualization

  • Reports about threats, misconfigurations, vulnerabilities

  • Security operations automation and response

  • Central node configuration is scalable microservice architecture

  • Multiple projects, multi-tenancy

  • Tech support, custom integration, consulting

Integrations:

  • Wazuh EDR / HIDS

  • Suricata NIDS

  • Falco CRS

  • ModSecurity WAF

  • AWS WAF

  • AWS Network Firewall

  • Amazon GuardDuty

  • Amazon Inspector

  • AWS Lambda

  • Kube-bench

  • Kube-hunter

  • Trivy

  • Docker-bench

  • Dependency-Check

  • SonarQube

  • OWASP ZAP

  • Nmap

  • Nikto

  • VirusTotal

  • MISP

  • IBM X-Force Exchange

  • Cuckoo Sandbox

  • Falcon Sandbox

  • VMRay Sandbox

  • Open Distro

  • Graylog

  • TheHive

  • OpenDXL, STIX-Shifter

  • MITRE ATT&CK

  • JIRA

  • Ansible

  • Automation via SSH/SFTP

  • Groovy Scripts

  • Twilio SMS

  • SendGrid Email

  • Slack