We also understand the flexibility you would like to have to choose the best new security tools for your ever-changing IT infrastructure.
Stellar Cyber open eXtended Detection and Response (Open XDR) is an open Intelligent SOC that acts as a hub for both your existing and new security solutions, aggregating their data and producing a clear, highly accurate, and effective threat landscape under a single pane of glass.

Stellar Cyber integrates with any security solution in many different ways through its log forwarders, connectors, SOAR, Data Streaming and open APIs, delivering an open XDR capability that leverages your current and new investments.

Log forwarders collect, aggregate, parse, normalize and enrich logs from hundreds of existing security applications such as firewalls, IAMs, WAFs, EDRs etc. They support various format including standard log format, CEF format, etc. New log parsers can be added any time without interrupting your existing services

Connectors collect, aggregate, parse, normalize and enrich data from applications through their APIs.  Connectors ensure visibility into Software-as-a-Service applications or service provider environments including: AWS CloudTrail, Office365, G-Suite, OKTA, vulnerability management, Active Directory, EDRs, SNMP, etc. They also help consolidate information such as asset information from your EDR onto our XDR platform.

Although our Open XDR has build-in threat intelligence, it also allows our customers to import their favorite threat intelligence feeds through STIX-TAXII.

The built-in SOAR functionality of Open XDR allows security analysts take direct actions on the platform without switching to another platform. By leveraging APIs provided by your existing security tools, our SOAR can interact with firewalls to block attacking IP addresses, disable users via the Active Director, disconnect an endpoint device from the network via EDR, or trigger a vulnerability scan, to name a few. It allows security analysts to define powerful playbooks so that any combination of these responses can be automated based on one or multiple conditions. This helps improve the response time to an attack and reduce the risk.

Data Streaming is another built-in application of our Open XDR platform. It allows the smooth integration between our Open XDR with your existing SIEM tool.  It can either stream the raw data with fused context or (the high-fidelity and easy-to-understand/contextual detection results or both) to the SIEM tool through the API interface provided by the SIEM tool.

Our Open XDR platform provides a rich set of restful APIs to allow access to the data stored in our data lake.  These APIs have been used for successful integration with third-party SOAR tools like Phantom, Demisto, Swimlane and Siemplify etc.