Monday, June 5, 2017

Open Source Incident Management & Response Platform: Cyphon

10:09 AM Leave a Reply
Open Source Incident Management & Response Platform: Cyphon

Open Source Incident Management & Response Platform

Cyphon is a big data platform that aggregates, standardizes, and enhances data for easier analysis.

     Many businesses rely on emails to manage alert notifications, which leaves their networks susceptible to overlooked incidents, alert fatigue and knowledge drain. Cyphon closes gaps in data management by collecting detailed information from a variety of sources – including email, log messages, APIs, social media and more. By giving analysts complete access to all these data sources through one platform, Cyphon maximizes data coverage while minimizing the time and energy needed to monitor networks.



     When alerts are triggered, analysts can investigate the incident directly through Cyphon. They can quickly view the type of activity encountered, its geographic origin and criticality level. With the click of a button, they can dive deeper into the data to find logs related to the incident. This reduces the time and effort needed to investigate an alert, allowing analysts to work more efficiently — and incidents to be remediated more quickly.

Cyphon is more than another SIEM or data collection tool. It is an all-in-one incident management solution that integrates with other APIs to streamline your workflow. Out of the box, Cyphon allows analysts to escalate and share issues with their team members and annotate alerts with the results of their analysis. This provides full transparency to your operations center or security staff, while also building a valuable knowledge base for your organization.



With Cyphon you can:

Collect data from a variety of sources, including email, social media, and logs
Filter data as it comes in, so it can be parsed, analyzed, and easily searched
Enhance data with automated analyses
Create alerts for important data as it arrives


Use Cases

Incident Management

Cyphon supports integrations with Bro, Snort, Nessus, and other popular security products.



Social Media Monitoring

Leveraging publicly available APIs, Cyphon can collect data from streaming sources. Search is based on keywords, geofencing, and adhoc parameters. Cyphon supports the current version of the Twitter Public Streams API.



IoT and Sensor Data Processing

Cyphon can process high volume event flow from any sensor type, offering a unique way to analyze information from physical environments.



Features

Aggregates data from numerous sources: email, logs, social media, APIs, and more
Generates custom alerts with push notifications
Throttles alerts and bundles related incidents
View incidents by criticality level
Workflow for handling alerts and tracking work performed


Visualization

Cyclops -a user interface for managing alerts – allows you to easily view, assign, and investigate Cyphon alerts. It provides an “eye” into your data, enabling you to respond to issues quickly and effectively.







Architecture

     The Cyphon platform is made up of a backend data processing engine (“Cyphon Engine”) and a security operations front end UI for visualization (“Cyclops”). They are maintained in separate projects. The source code for Cyphon Engine can be found here, while the Cyclops project can be found here. This documentation focuses on Cyphon Engine. See the Cyphon Architecture Overview for more details about its design.


Docs

Download