Log Storage and Real-time Analytics

A modern EDR (Endpoint Detection and Response) and SIEM (Security Information and Event Management) solution requires continuous, around-the-clock collection of telemetry from servers, desktops, laptops, and other devices in order to provide actionable insights to SOC and GRC teams. Avalanchio does precisely that. Built on top of big data products, it enables an organization to collect data from an unlimited number of endpoints in real time. The data onboarding pipeline filters, parses, normalizes, and enriches event data before storing it in a big data lake.
The product ships with a built-in rule set for detecting suspicious activity.
It also allows SOC analysts to write their own rules using conditions ranging from simple to complex, time filters, lookups, and joins across multiple datasets.
Avalanchio supports standard SQL as well as AQL, a domain-specific query language developed by the company.

Real-time Analytics, Data Retention and Compliance

While real-time visibility into incoming data is crucial, it is equally necessary to look back at historical data, especially when investigating social engineering events. Avalanchio therefore does not mandate deletion or archiving of raw or derived data unless you choose to do so. Data is stored in a highly compressed format.

Data Sources

  • Active Directory
  • Linux Server
  • Windows Server
  • Firewalls
  • Network Proxy Servers
  • Applications

Input Data

  • Logs from various sources

Solution Deliverables

  • Continuous data onboarding using remote agents
  • Parsing and filtering
  • Common data model (CDM) by function
  • Search, report, dashboard
  • Scheduled report, email alerts
  • 360° view by asset ID and entity ID
  • API access for third-party applications
  • Unlimited retention period
  • Log archival/retrieval for long-term storage
  • Live SOC operation dashboard
  • Case management, exception reporting
  • SOAR tool integration
  • Behavioral analytics
  • Risk scoring
  • Continuous security monitoring