Stellar Cyber Overview

Stellar Cyber Open XDR is a platform for performing end-to-end threat detection and response, combining multiple capabilities – NG-SIEM, NDR, TIP, IDS, SOAR, and UEBA – into a single user experience.

Stellar Cyber allows security teams to gain full visibility into their IT, OT, and security environments, with turnkey automated detection and response across all data sources. This allows security teams to detect more alerts faster, future-proof their Security Operations, and free up human resources for more proactive security work.

Architecture Overview

Stellar Cyber is built on a Security Data Lake and a Detection and Correlation Engine. These are the platform components that allow collection from any source, detection on any source, and correlation across any sources. Additional native capabilities are built into the platform to provide comprehensive detection and response.

Data is collected, normalized, enriched, detected, and correlated across all sources. Data can be collected from API-based connector and log sources or Stellar Cyber sensors can be used to create visibility. Normalization and enrichment happens across all data, either at the edge (sensors) or centrally. Finally, detections based on both Machine Learning and Rules reveal threats and send the results to the correlation engine for automated investigation. The figure below illustrates the high level data flow in Stellar Cyber:

You can find more details on the architecture in Stellar Cyber Architecture.

Benefits

  • Get immediate time to value through integrations, detections, and correlations that work straight out of the box.

  • Implement best practices by getting immediate broad detection coverage and data source collection profiles.

  • Automate manual workflows with a data and automation pipeline that spans collection, detection, correlation, and response.

  • Future-proof your IT and security investments through Open XDR, integrations, and normalization across any data source.

  • Improve analyst efficiency by operating out of a platform that combines multiple capabilities into a single user experience.

Key Features

  • Automatic Incident Correlation: Native, third-party, and custom alerts are correlated together into Incidents, automating investigations and providing immediate context.

  • Multi-Modal Detections: Unsupervised ML, Supervised ML, rules, and edge detections (for example, IDS).

  • Simplified Data Collection: Hundreds of built-in integrations with the ability to collect from on-premise or cloud-based sources.

  • Native Sensors: Network-based sensors and server sensors create visibility across all environments, collect log sources, and run IDS and Malware Sandbox at the edge.

  • Response: Bi-directional integrations to IT and security products take automated or manual actions directly from Stellar Cyber.

  • Multi-Tenancy: Logical partitioning of tenants within a single customer instance for MSSPs or business unit separation.

Getting Started

The Getting Started Guide provides an overview of how to use the Knowledge Base and quick starts for both Analysts and Administrators.