Alertflex Collector (Altprobe)
The Alertflex project is a continuous security monitoring solution designed for use in hybrid clouds. By monitoring events in near real time from well-known open-source security applications, Alertflex provides end-to-end security visibility for on-premises and cloud-based IT infrastructure.
Alertflex implements two main areas of functionality:
Security event management for a distributed hub of security sensors (Suricata NIDS, Wazuh HIDS, Falco CRS, ModSecurity WAF), built on the following layers:
- Collection (Alertflex collector)
- Streaming (ActiveMQ)
- Analysis (Alertflex controller)
- Storage (MySQL)
- Access (Alertflex controller and console)
Security operations automation and orchestration:
- Centralized IDS management of rules, configs, filtering policies and IP address blocking lists
- CTI functions based on integration with MISP: performs reputation checks for IP addresses, DNS records, and MD5, SHA1 and SHA256 file hashes, and creates an alert when suspicious data is found
- Can forward alerts, NetFlow and logs to open-source log management and monitoring systems (Graylog, Elastic Stack, Prometheus/Grafana)
- Can periodically scan remote files in a malware analysis sandbox (Cuckoo, Hybrid Analysis, VMRay)
- Integrates with SAST and DAST tools (Nmap, SonarQube, OWASP ZAP)
- Provides a REST API for IDS alerts, compatible with the Open Cybersecurity Alliance ecosystem
Altprobe includes the Alertflex collector and installation scripts for security sensors (Suricata NIDS, Wazuh HIDS, Falco CRS).
For more information, please see the Alertflex project presentation.
Please open an issue on GitHub if you'd like to report a bug or request a feature.
If you have a question or need tech support, please send an email to: email@example.com