core the central unit of the Search Anywhere Framework the core module is the central unit of the Search Anywhere Framework, orchestrating the interaction among its various components and providing a unified access point to their functionalities. It encompasses an analytical engine that implements the SAF Language — a specialized "Search Processing Language" tailored for executing intricate correlation searches within the SAF ecosystem. This language facilitates a deep exploration of va...

incident manager a comprehensive solution dedicated to the life cycle management of incidents the incident manager module is a comprehensive solution dedicated to the lifecycle management of incidents spanning areas of information security, IT infrastructure, abnormal user behaviors, and business process errors. Its primary role is to capture crucial events as incidents, streamlining the organization and offering tools to manage identified incidents. Incidents can be auto-generated thr...

inventory asset formation and management tool the inventory module allows users to create a unified database of users and assets, including servers, workstations, network devices, information systems, and objects in a cluster infrastructure. It ensures that the asset database is kept up to date. key features integration of data from various sources The Inventory module automatically collects and updates the asset database using information from various sources such as Active Directory...

MITRE ATT&CK apply various MITRE ATT&CK usage scenarios in the protected infrastructure the MITRE ATT&CK module equips organizations to effectively deploy multiple MITRE ATT&CK use scenarios within their infrastructure. Users can evaluate their toolsets coverage of ATT&CK techniques, craft specialized threat models tailored to their IT landscape components, and detect potential technique use based on data source events. A visual interface showcases a matrix of tactics and techniques, fa...

compliance the pinnacle of compliance management the compliance module revolutionizes regulatory conformance by automating and streamlining assessments through a Data-Driven approach. Moving beyond traditional methods, this module captures machine data from various sources, providing a holistic dashboard view of an organization's compliance. With continuous insights and an emphasis on objectivity, it transforms compliance from a task into a strategic advantage, enhancing both security a...

cyber security a large database of correlation rules and functional dashboards for detecting and preventing incidents the cyber security module enriches the Security Analytics Platform with curated content. It encompasses ready-made correlation rules, incident detection mechanisms, response playbooks, configurations to integrate any security tool with SAF, and pre-installed dashboards, all delivered in the form of periodic content updates. key features curated content The Cyber Securi...

network automatic collection and analysis of equipment and communication data the network module is a robust tool for meticulous network monitoring and management. It auto-collects and analyzes equipment and communication data, allowing for swift issue detection and response. Resource tracking ensures optimal device performance and prevents inefficiencies, reducing maintenance costs. Additionally, the module's oversight on configuration changes and access history fortifies security, saf...

servers an in-depth, automated view into server health and performance the servers module monitors and analyzes server processes, resource usage, including CPU, memory, and disk activity, aiding in optimizing resources and preventing inefficiencies. With S.M.A.R.T. protocol integration, the module preemptively detects potential hard drive issues. Additionally, its autometric collection facilitates prompt notifications for issues, while dashboards and Asset-Service-Model enable real-tim...

microsoft active directory control of the main domain services and user accounts the microsoft active directory module controls of the main domain services, controls of user accounts: who is the domain administrator, who is the local administrator, notification when adding/removing an account from specific groups, determination of accounts that have not logged in for a certain period of time. Notification of the need to change passwords. Control of Active Directory security events. key ...

microsoft exchange analysis and control of the mail server data flow the microsoft exchange module controls the operation of the main mail server services, allows analysis of email flow by recipients, senders, and detects spikes in activity. Auditing access to mailboxes, determining instances of mail forwarding, auto-replies, etc. Detection of anomalies in mail traffic. key features mail server service management SAF Systems provides complete control over t...

netmap analyzing events from network devices the netmap module streamlines network topology understanding by analyzing events from network devices to identify and categorize them, further detailing their connections, ports, and interfaces. It auto-discovers network topologies by leveraging MAC address tables, ARP tables, and the LLDP protocol, pinpointing vendors and hostnames of connected devices. Beyond this, the module alerts users to network topology changes, like the discovery of n...

user behavior analytics detecting deviations in the behavior of various types of objects the UBA module provides mechanisms for detecting deviations in the behavior of various types of objects: users, hosts, administrators, information systems, business processes, etc. The universal scoring mechanism allows for identifying potential intruders, compromised accounts, calculating a cybersecurity index, analyzing operational efficiency and labor discipline, and combating fraud. Examples of ...