Index Definitions & Details
Stellar Cyber organizes data into indices, which helps to speed up your searches.
The following table lists the name of each index in Stellar Cyber, the name of the index in the Interflow data, the type of data collected in that index, and the source of the data.
Stellar Cyber also provides an interactive tool that lets you look up alert types by data source, alert name, event type, or source index.
Note that the index under which data is stored also helps determine how long that data is stored according to the hot and cold retention times specified for different data types in the System | Data Management | Retention Groups tab. Refer to Using the Retention Groups Tab for details on how the data types available for different retention group times map to the indices described here.
| Index | Interflow Name | Data Source |
|---|---|---|
| Alerts | aella-ser-* | Security events from Machine Learning, security analytics, and ATH playbooks |
| Assets | aella-assets-* | Asset data based on Stellar Cyber analytics; Connectors: |
| AWS Events | aella-cloudtrail-* | CloudTrail non-traffic logs; Machine Learning alert types for this index; Connectors: |
| DP Monitoring | aella-dp-monitor | Data Processor health status |
| IDPS/Malware Sandbox Events | aella-maltrace-* | Firewall threats from sensors/log forwarders; Maltrace SDS/Sandbox |
| Linux Events | aella-audit-* | Audit data from Linux agents; Audit data from Container sensors; Machine Learning alert types for this index; Connectors: |
| Scans | aella-scan-* | Machine Learning alert types for this index; Connectors: |
| Sensor Monitoring | aella-ade-* | Sensor statistics from DP Configuration Manager |
| Signals | aella-signals-* | Sensitive events that are not attacks, based on analytics or Machine Learning |
| Syslog | aella-syslog-* | Application logs from sensor log forwarder parsers; Machine Learning alert types for this index; Connectors: |
| Traffic | aella-adr-* | Flow traffic from sensors; Machine Learning alert types for this index; CloudTrail traffic; Firewall traffic logs from sensor log forwarders; DHCP server logs from sensors; VPC Flow logs |
| Users | aella-users-* | User data from analytics; Okta connector |
| Windows Events | aella-wineventlog-* | Machine Learning alert types for this index; Active Directory connector user data; Microsoft Defender for Cloud Apps; Microsoft Entra ID (formerly Azure AD) Active Directory user data; Office 365 Active Directory user data; Windows logs from Windows agents; Windows System Security logs |