CYBOT™ Architecture

This document will offer a deep dive into the intricate components that form the foundation of CYBOT™ architecture. Understanding its architecture is essential for developers, researchers, and enthusiasts looking to harness its potential.

Components of CYBOT™

DATALAKE

CYBOT™ ships with a Big Data analytics engine that ingests and processes the large volumes of data an enterprise IT infrastructure produces. Because CYBOT™ depends on rich telemetry from both host and network sensors, that data is collected and stored in the Analytical Engine, which is the data lake described here.
The Analytical Engine can run as a cluster of many nodes and scales out to the client's needs. Nodes are tiered as Hot, Warm, Cold and Frozen. As the names suggest, the hot tier holds the most recent data, serves the most active read/write load, and is where the SOC team and CYBOT™ itself do most of their work; the priority, speed and availability requirements relax progressively through the warm, cold and frozen tiers.

Key characteristics and features of a data lake include:

  1. Scalability: Data lakes are highly scalable, allowing organizations to store massive amounts of data. You can easily expand storage capacity as data grows without significant changes to the architecture.

  2. Data Integration: Data lakes can ingest data from various sources, including databases, streaming platforms, IoT devices, social media, and more. This integration capability supports a holistic view of an organization's data.

  3. Flexibility: Data lakes accept data in its raw form without the need for extensive preprocessing or schema definition. This flexibility makes it suitable for handling diverse and evolving data sources.


LOG COLLECTOR

The log collector is the component responsible for gathering and centralizing log data generated by various sources, such as servers, applications, network devices, and security appliances. Log data typically consists of records of events, activities, and system state, which are essential for monitoring, troubleshooting, and security analysis.

Here are key features and functions of a log collector:

  1. Data Collection: Log collectors collect log data from a wide range of sources across an IT environment. These sources may include web servers, application servers, databases, firewalls, routers, switches, virtual machines, and more.

  2. Centralization: One of the primary roles of a log collector is to centralize log data from multiple sources into a single repository or data store. This centralization simplifies log management and analysis.

  3. Normalization: Log data from different sources often have varying formats and structures. Log collectors can normalize this data, converting it into a standardized format for easier analysis and correlation.

  4. Aggregation: Log collectors can aggregate log entries based on specific criteria or events. This aggregation can help reduce the volume of log data while preserving important information.
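The normalization and aggregation steps above are easiest to see on concrete input. The following Python is an added example, not code from CYBOT™ or ActiveBytes, and the sample log lines, the target schema (timestamp, host, source_type, event, src_ip, dst_ip, user, severity), the assumed year for the BSD syslog timestamps and the CEF-severity-to-word mapping are all assumptions made for illustration. It parses three formats (BSD syslog with key=value payload, JSON, and a simplified CEF record) into one schema, then aggregates records that share an event name and source IP, which is what lets a duplicate firewall drop collapse to a single counted entry and the same failed login reported by two different sources land in one bucket.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample input (not real logs): a firewall DROP line in BSD syslog
# format that repeats, JSON events from a web server, and a CEF record from a
# security appliance that reports the same failed login the web server saw.
SAMPLE_LOGS = [
    "<4>Oct 11 22:14:15 fw01 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=22",
    '{"timestamp":"2023-10-11T22:14:16Z","host":"web01","level":"warning","msg":"Login failed","src_ip":"10.0.0.5","user":"admin"}',
    "CEF:0|ExampleVendor|ExampleWAF|1.0|100|Login failed|5|src=10.0.0.5 suser=admin dhost=web01 rt=1697062456000",
    "<4>Oct 11 22:14:17 fw01 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=22",
    '{"timestamp":"2023-10-11T22:14:18Z","host":"web01","level":"info","msg":"Login ok","src_ip":"10.0.0.7","user":"bob"}',
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:\s]+): (?P<msg>.*)$"
)
SYSLOG_SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ASSUMED_YEAR = 2023  # BSD syslog timestamps carry no year; assumed for the sample


def _kv(text):
    """Split 'k=v k2=v2' payloads into a dict (simplified: no quoted or escaped values)."""
    return dict(p.split("=", 1) for p in text.split() if "=" in p)


def parse_syslog(line):
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])  # PRI = facility * 8 + severity, so severity is the low 3 bits
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    ts = ts.replace(tzinfo=timezone.utc)
    fields = _kv(m["msg"])
    action = m["msg"].split()[0]  # e.g. "DROP" on a netfilter-style line
    return {
        "timestamp": ts.isoformat(), "host": m["host"], "source_type": "syslog",
        "event": f"firewall {action.lower()}" if "SRC" in fields else m["msg"].lower(),
        "src_ip": fields.get("SRC"), "dst_ip": fields.get("DST"), "user": None,
        "severity": SYSLOG_SEVERITY[pri & 7],
    }


def parse_json(line):
    try:
        obj = json.loads(line)
    except ValueError:
        return None
    ts = datetime.fromisoformat(obj["timestamp"].replace("Z", "+00:00"))
    return {
        "timestamp": ts.isoformat(), "host": obj.get("host"), "source_type": "json",
        "event": (obj.get("msg") or "").lower(), "src_ip": obj.get("src_ip"),
        "dst_ip": None, "user": obj.get("user"), "severity": obj.get("level"),
    }


def cef_severity(value):
    """Map the CEF 0-10 severity onto the syslog-style words used above (assumed mapping)."""
    n = int(value)
    return "crit" if n >= 9 else "err" if n >= 7 else "warning" if n >= 4 else "info"


def parse_cef(line):
    parts = line.split("|", 7)  # simplified: ignores '\|' escaping inside header fields
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        return None
    _, _vendor, _product, _version, _sig_id, name, severity, ext = parts
    fields = _kv(ext)
    ts = None
    if fields.get("rt", "").isdigit():  # rt given as epoch milliseconds
        ts = datetime.fromtimestamp(int(fields["rt"]) / 1000, tz=timezone.utc).isoformat()
    return {
        "timestamp": ts, "host": fields.get("dhost") or fields.get("dvchost"),
        "source_type": "cef", "event": name.lower(), "src_ip": fields.get("src"),
        "dst_ip": fields.get("dst"), "user": fields.get("suser"),
        "severity": cef_severity(severity),
    }


def normalize(line):
    """Route a raw line to the parser for its format and return the standardized record."""
    line = line.strip()
    if line.startswith("<"):
        return parse_syslog(line)
    if line.startswith("{"):
        return parse_json(line)
    if line.startswith("CEF:"):
        return parse_cef(line)
    return None


def aggregate(records, keys=("event", "src_ip")):
    """Collapse records sharing the key fields into one entry with a count,
    a first/last-seen window and the set of hosts that reported it."""
    buckets = {}
    for r in records:
        key = tuple(r.get(k) for k in keys)
        b = buckets.setdefault(key, {"count": 0, "first_seen": None, "last_seen": None, "hosts": set()})
        b["count"] += 1
        b["hosts"].add(r.get("host"))
        ts = r.get("timestamp")
        if ts:  # all timestamps are ISO 8601 UTC in one fixed format, so string order is time order
            b["first_seen"] = ts if b["first_seen"] is None else min(b["first_seen"], ts)
            b["last_seen"] = ts if b["last_seen"] is None else max(b["last_seen"], ts)
    return buckets


if __name__ == "__main__":
    recs = [r for r in (normalize(l) for l in SAMPLE_LOGS) if r]
    for key, b in aggregate(recs).items():
        print(key, b["count"], b["first_seen"], b["last_seen"], sorted(b["hosts"]))
```

Running it yields three aggregated entries from five raw lines: the two identical firewall drops become one entry with count 2, the failed login for `admin` from 10.0.0.5 is counted twice because both the web server and the appliance reported it, and the successful login stays a single entry. Unparseable lines are dropped by `normalize` returning `None`; a production collector would instead route them to a dead-letter store so that a format change at a source does not silently lose evidence.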


CYBOT™

This component is the cockpit of CYBOT™. It runs the automated hunting and investigation processes for the Hypothesis and Investigation use cases. Its user interface presents analysts with information drawn from the Analytical Engine: dashboards, use-case alerts and their investigations, and Threat Hunting and Threat Intelligence data.

Key features and functions of CYBOT™

  1. Beyond a SIEM or SOAR: CYBOT™ goes beyond traditional SIEM and SOAR tooling by alerting on anomalies, running automated investigations, and mitigating threats quickly.
  2. Granular Protection: CYBOT™ is built from multiple modules that provide granular protection, safeguarding an organization at every layer of its security infrastructure.
  3. Exceptional User Experience: Designed with usability in mind, CYBOT™ surfaces actionable insights to analysts so that security operations can be run from one place.
