Solution description

The SensorFleet solution enables lightweight and distributed cyber security monitoring. Instruments are components dedicated to specific monitoring tasks and are installed on a Sensor Platform. The Sensor Platform is deployed either as a hardware or a virtual appliance. A virtual appliance or Cloud Service based Fleet Management controls the fleet of sensors and orchestrates Instrument deployments.

Instruments

  • Are containerized software components for specific cyber security related monitoring tasks
  • Examples of SensorFleet solution Instruments include Suricata IDS, Cowrie Honeypot and PassiveDNS collector
  • Can augment alerts generated by the other Instruments. For example, PassiveDNS can add domain names to Suricata alerts
  • Can be chained. For example, identities captured with Cowrie Honeypot can be added on Suricata watchlist
  • Users can develop or integrate their own Instruments. Any software that can be deployed as a container can easily be turned into an Instrument
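The two list items above describe alert augmentation (PassiveDNS adding domain names to Suricata alerts) and chaining (honeypot-captured identities feeding a Suricata watchlist). The following is an added illustration of both ideas and is not SensorFleet's code nor its Instrument API: it reads constructed Suricata EVE JSON and Cowrie JSON lines, indexes constructed passive DNS observations, enriches each alert with the domains seen for its destination IP, and derives a watchlist from honeypot login attempts. The `pdns_domains` field name and all sample values are assumptions made for this example.

```python
import json
from collections import defaultdict

# Constructed sample: Suricata EVE JSON records (layout follows eve.json;
# addresses are documentation ranges, signatures are made up)
SURICATA_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,'
    '"alert":{"signature":"EXAMPLE MALWARE Beacon","severity":1}}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.7","dest_ip":"198.51.100.20","dest_port":80,'
    '"alert":{"signature":"EXAMPLE POLICY Scanner","severity":3}}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.5","dest_ip":"203.0.113.10"}',
]

# Constructed sample: passive DNS observations as a PassiveDNS-style
# collector would accumulate them (name -> answer address)
PASSIVE_DNS_OBSERVATIONS = [
    {"rrname": "cdn.example.net", "rrtype": "A", "rdata": "203.0.113.10"},
    {"rrname": "update.example.org", "rrtype": "A", "rdata": "203.0.113.10"},
    {"rrname": "mail.example.com", "rrtype": "MX", "rdata": "mx.example.com"},
]

# Constructed sample: Cowrie honeypot JSON log lines (eventid names follow
# Cowrie's log schema; credentials and addresses are made up)
COWRIE_LINES = [
    '{"eventid":"cowrie.login.failed","username":"root","password":"123456","src_ip":"192.0.2.44"}',
    '{"eventid":"cowrie.session.connect","src_ip":"192.0.2.44"}',
    '{"eventid":"cowrie.login.success","username":"admin","password":"admin","src_ip":"192.0.2.99"}',
]


def build_pdns_index(observations):
    """Index passive DNS records by answer address so alerts can be enriched by dest_ip.
    Only address records (A/AAAA) are useful for an IP-keyed lookup."""
    index = defaultdict(set)
    for obs in observations:
        if obs.get("rrtype") in ("A", "AAAA"):
            index[obs["rdata"]].add(obs["rrname"])
    return index


def enrich_alerts(eve_lines, pdns_index):
    """Augment Suricata alert events with the domain names passive DNS has seen
    resolving to the destination IP. Non-alert events pass through unchanged."""
    enriched = []
    for line in eve_lines:
        event = json.loads(line)
        if event.get("event_type") == "alert":
            # hypothetical enrichment field; empty list means "no pDNS context"
            event["pdns_domains"] = sorted(pdns_index.get(event.get("dest_ip"), ()))
        enriched.append(event)
    return enriched


def honeypot_watchlist(cowrie_lines):
    """Chain honeypot output into a watchlist: every source IP that attempted a
    login, with the credentials it tried (useful context for the analyst)."""
    watchlist = defaultdict(set)
    for line in cowrie_lines:
        event = json.loads(line)
        if event.get("eventid") in ("cowrie.login.failed", "cowrie.login.success"):
            watchlist[event["src_ip"]].add((event["username"], event["password"]))
    return {ip: sorted(creds) for ip, creds in watchlist.items()}


def to_ip_list(watchlist):
    """Render the watchlist as a newline-separated IP list, the plain format a
    detection engine's address list or dataset can be fed from."""
    return "".join(ip + "\n" for ip in sorted(watchlist))


if __name__ == "__main__":
    pdns = build_pdns_index(PASSIVE_DNS_OBSERVATIONS)
    for event in enrich_alerts(SURICATA_EVE_LINES, pdns):
        print(json.dumps(event))
    print(to_ip_list(honeypot_watchlist(COWRIE_LINES)), end="")
```

Keeping enrichment and watchlist generation as separate, stateless functions mirrors the Instrument model above: each consumes another component's output in its native log format and emits data the next component can ingest, without either needing to know about the other's internals.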

Sensor Platform

  • Hosts the Instruments, providing a deployment platform and containment
  • Installed either as a hardware appliance or virtual appliance
  • Provides the APIs for custom developed Instruments. Available to both users and partners
  • Sensor - A term for an individual instance of Sensor Platform with the set of Instruments, running either on hardware or virtual appliance

Fleet Management

  • Used for deploying Instruments across the fleet of Sensors
  • Provides control and policy enforcement for the data sharing and retention
  • Collects the events and alerts produced by the fleet of Sensors and can export them to external analytics solutions
  • Offers IoC, blacklist, ruleset and other configuration options for Sensors conveniently from a single interface

Why SensorFleet

  • The SensorFleet solution enables you to deploy multiple cyber security capabilities as Instruments on a unified platform, reducing the complexity and fragmentation of the security tool palette
  • An open ecosystem reduces vendor lock-in and improves the capability to react to emerging threats. Instruments developed by 3rd parties, whether commercial, in-house or open source, can be integrated
  • Monitoring of diverse networks on a single platform, whether IT, operational networks or cloud services, simplifies security operations and helps in tracking threats across the organization
  • Distributed monitoring is resilient and safeguards the forensic capability. Each Sensor is capable of operating in isolation from the rest of the Sensor network and maintains its own copy of collected alert and forensic data