Rule Engine
Events to Actions
Avalannchio rule engine detects complex event patterns and takes automated actions.
Real-time
Remote agents collect data from devices, existing log tools or various endpoints and send them to Avalanchio in real-time.
Detection
Extract required features from the events and define rules using SQL and various other techniques to detect simple to advanced patterns.
Automated Actions
Send incidicators to alert center for further investigation, call webhooks, run playbooks or simply send alert notifications.
SQL or Drag and No-code query builder
Express your business logic using standard ANSI SQL, which will run continuously. Refine results using several built-in layers of techniques such anomaly detection, rarity analysis.
Low latency and high concurrency queries
Run thousands of queries per day, with query latency as low as a few milliseconds.
Trigger Action
Automate actions as soon as some suspicious patterns are found from the events. Send alerts, run playbooks, invoke web hooks etc.
Backtesting & Feedback
Re-run a rule on historical events to test a hypothesis. Analysts’ feedbacks are used to curb false alarms using a built-in ML model.
How it works
Rule engine analyzes data in real-time, continuously builds data profiles, triggers automate actions as soon as some suspicious patterns are detected in the events.
Easy to configure rules
Use SQL statements to filter targeted events or prepare enriched datasets.
Define rule using sigma rule format. It makes it easy to integrate with rules maintained by open source community.
Run the rules against real time data stream with response time as low as a few seconds.
Rule engine can execute thousands of rules against large data volume with less hardware.
Rare event detection and prediction
Identify rare or unusual events or behaviors within a system or network
E.g. user suddenly accesses a sensitive file that they have never accessed before
E.g. a particular type of network traffic occurs at an unexpected time or frequency.
Predict rare events ahead of time to precautionary measure.
Rate Limiter
Preventing abuse, overuse, and ensuring fair usage of resources using rate limiter
Control the rate at which clients can make requests to certain resources.
Sets limits on the number of requests within a specified timeframe
Trigger controls to throttle rate of requests or block requests completely.
Anomaly Detection
Detects anomalies using built-in anomaly detection techniques.
Techniques such as isolation forest, one class SVM, local outlier factor, Histogram-based Outlier Detection (HBOS) to name a few.
No-code is required
Majority of the algorithms are unsupervised. Hence, they start working as soon as you on-board data.
Indicator Classifier
Indicator classifier minimizes false positive detections or also known as false alarms using built-in machine learning models.
The models are periodically retrained to gather intelligence from recent actions by the analysys on the indicators reducing the simiar work in future.
Allows your team to focus on truely important events by eliminating noise.
Automated Actions
Run remediation playbooks. Use hundreds of hundreds of built-in playbooks or create your own very easily using Python script.
Run webhooks to call any third party endpoints, for example, to trigger a workflow.
Send notifications via email.
Real-time
Agents collect data from your local data center, existing log tools or REST endpoints.
Rules
Define rules using SQL. Run the rules in near realtime to detect complex patterns.
Actions
Send events data to alert center, call webhooks, run playbooks etc.