Cyphon – Open Source Incident Management & Response Platform

Comments Off on Cyphon – Open Source Incident Management & Response Platform

Cyphon is a big data platform that aggregates, standardizes, and enhances data for easier analysis.

Many businesses rely on emails to manage alert notifications, which leaves their networks susceptible to overlooked incidents, alert fatigue and knowledge drain. Cyphon closes gaps in data management by collecting detailed information from a variety of sources – including email, log messages, APIs, social media and more. By giving analysts complete access to all these data sources through one platform, Cyphon maximizes data coverage while minimizing the time and energy needed to monitor networks.

When alerts are triggered, analysts can investigate the incident directly through Cyphon. They can quickly view the type of activity encountered, its geographic origin and criticality level. With the click of a button, they can dive deeper into the data to find logs related to the incident. This reduces the time and effort needed to investigate an alert, allowing analysts to work more efficiently — and incidents to be remediated more quickly.

Cyphon is more than another SIEM or data collection tool. It is an all-in-one incident management solution that integrates with other APIs to streamline your workflow. Out of the box, Cyphon allows analysts to escalate and share issues with their team members and annotate alerts with the results of their analysis. This provides full transparency to your operations center or security staff, while also building a valuable knowledge base for your organization.

 

With Cyphon you can:

  • Collect data from a variety of sources, including email, social media, and logs
  • Filter data as it comes in, so it can be parsed, analyzed, and easily searched
  • Enhance data with automated analyses
  • Create alerts for important data as it arrives

 

Use Cases

Incident Management

Cyphon supports integrations with Bro, Snort, Nessus, and other popular security products.

 

Social Media Monitoring

Leveraging publicly available APIs, Cyphon can collect data from streaming sources. Search is based on keywords, geofencing, and adhoc parameters. Cyphon supports the current version of the Twitter Public Streams API.

 

IoT and Sensor Data Processing

Cyphon can process high volume event flow from any sensor type, offering a unique way to analyze information from physical environments.

 

Features

  • Aggregates data from numerous sources: email, logs, social media, APIs, and more
  • Generates custom alerts with push notifications
  • Throttles alerts and bundles related incidents
  • View incidents by criticality level
  • Workflow for handling alerts and tracking work performed

 

Visualization

Cyclops -a user interface for managing alerts – allows you to easily view, assign, and investigate Cyphon alerts. It provides an “eye” into your data, enabling you to respond to issues quickly and effectively.

 

 

Architecture

The Cyphon platform is made up of a backend data processing engine (“Cyphon Engine”) and a security operations front end UI for visualization (“Cyclops”). They are maintained in separate projects. The source code for Cyphon Engine can be found here, while the Cyclops project can be found here. This documentation focuses on Cyphon Engine. See the Cyphon Architecture Overview for more details about its design.

 

Open Source Incident Management & Response Platform: Cyphon Documentation

Open Source Incident Management & Response Platform: Cyphon Donwload

Related Articles

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
Live Chat
RESOURCES
Get Started
TOOLBOX
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress