What is Interflow?
Interflow is Stellar Cyber's patent-pending technology for representing security events, network traffic, and application and log data inside the Stellar Cyber Platform. Interflow is JSON, so it is both human-readable and structured, which creates storage, retention, and analysis opportunities when collecting massive amounts of data.
Interflow provides data efficiency, searchability, and contextual insight.
- Data is reduced from PCAP to Interflow at an average ratio of 100:1, which reduces metadata transmission over wide area links and conserves bandwidth.
- Interflow is evidence that a detection is legitimate without the size of a full packet capture.
- Interflow is indexable, readable, and searchable at the click of a button.
- It's pervasive data collection at its core.
- Interflow provides contextual flow records.
Interflow captures information from L2 – L7.
- Network data
- Server data
- Application data
- User data
- Syslog logs
Interflow captures a wide range of data types:
- Captures MD5 hashes of files downloaded
- Captures code signing certificates within files
- Captures authentication failures
- Captures URLs, URIs, and domain names
- Captures L4-L7 performance metrics
Interflow provides enriched metadata for optimized processing and insight:
- Stellar Cyber sensors convert various types of data to metadata.
- Network packets, server logs, server process data, file data and threat intelligence data are all converted to JSON formatted documents that are transmitted to Stellar Cyber processors for de-duplication, enrichment, indexing, and storage.
- Interflow is a record of captured data represented as metadata.
- It enriches data, for example, converting an IP address to a geographical location or reputation.