Search Anywhere Framework Modules
Core
The foundational module of SAF. It coordinates the interaction of the other platform modules and provides a single point of access to their functions. It includes an analytical core that implements the SAFL query language; based on SAFL syntax, it accesses data arrays in various repositories using the universal search technology Search Anywhere™.
Apache Kafka
This module is intended to monitor the state of an Apache Kafka cluster and manage its components. It tracks various Apache Kafka functional parameters (performance, throughput, lag, resource usage, the state of every broker and topic) and manages topic configuration.
Cyber Security
This module allows you to receive information about the operation of all necessary information security tools (IST) of domestic and foreign production from a single console. The module implements correlation mechanisms between the events of different ISTs, making it possible to identify information security events that no single IST detects on its own.
Incident Manager
The Incident Manager module is a functional solution for managing the lifecycle of incidents in information security, IT infrastructure, anomalous user behavior, and business process errors. The main purpose of the module is to record important events as incidents, as well as to organize the process and provide tools for managing identified incidents.
Inventory
The Inventory module allows you to create a unified database of assets (servers, workstations, network devices, information systems, cluster infrastructure objects) and users, as well as maintain this database in an up-to-date state.
Kubernetes
This module is intended to monitor the state of a Kubernetes cluster and manage its components. It provides detailed information about cluster components (nodes, pods, containers, replica sets), offers tools to manage the state of the server, nodes and various cluster resources, and allows you to execute terminal commands inside Kubernetes pods via the Search Anywhere Framework interface.
MITRE ATT&CK
This module allows you to apply various MITRE ATT&CK scenarios to the protected infrastructure: for example, assess the coverage of techniques by instrumental controls, build specialized threat models and apply them to IT landscape components, and detect the potential use of techniques based on events from data sources.
UBA
This module provides mechanisms for detecting deviations in the behavior of different types of objects: users, hosts, administrators, information systems, business processes, etc. The universal scoring mechanism allows you to identify potential attackers, compromised accounts, calculate the cybersecurity index, analyze operational efficiency and work discipline, and combat fraud.
VMware
This module is intended to monitor the system hosting the VMware installation and manage its components. It allows you to track the current configuration, state and resource load of the cluster, VMware hosts and virtual machines, and to manage hosts, virtual machines and their snapshots.
Network
The Network module is designed for thorough monitoring of network equipment and for responding to changes in the network and in device configurations. The module automatically collects and analyzes data, allowing you to quickly detect a problem and fix it in a timely manner.
Servers
The Servers module aims to optimize resources and control efficiency. It monitors and analyzes server processes and resource utilization (including CPU, memory, and disk activity).
Microsoft Active Directory
This module is designed to manage core domain services and user accounts. For example, it stores information about domain administrators and local administrators, identifies accounts that have not logged in for a certain period of time, etc.
Microsoft Exchange
This module manages the operation of the main mail server services and analyzes email flow. It also allows auditing access to mailboxes, instances of mail forwarding, auto-replies, etc. Thanks to the Microsoft Exchange module, the user can easily detect and analyze anomalies in mail traffic.