Log Storage & Analysis

A modern EDR (Endpoint Detection & Response) and SIEM solution (Security Information and Event Management) require the continuous collection of telemetry data from servers, desktops, laptops, and other devices around the clock to provide actionable insights to SOC and GRC teams. Avalanchio does precisely that. Built on top big data products, it enables the organization to collect data from unlimited endpoints in real-time. Data onboarding pipeline filters, parses, normalizes, and enriches the event data before storing them on a big data lake. The product has a built-in rule set to detect suspicious activities. It allows SOC analysts to write their own rules using simple to complex conditions, time filters, lookups, merging multiple datasets. Avalanchio supports a well-known SQL language and a domain-specific language, AQL, developed by the company. While it is crucial to have real-time visibility of the incoming data, it is also necessary to look back at historical data, especially to investigate the social engineering events. So, the Avalanchio does not mandate deletion or archiving of raw or derived data unless you want to do. Data are stored in highly compressed format.