Outline
eyeCloudXOAR is a system that centrally collects the logs generated by all kinds of information systems so that cyber security threats, security orchestration, analysis and response (SOAR), and threat intelligence information can be managed and used efficiently.
The Collector module receives information system logs from the Agent module, automatically standardizes them according to a method specified by the user, stores the resulting information in the search engine and database, and supports search and analysis at the user's request. In addition, it creates events by searching the stored information according to the event analysis rules requested by the Analyzer module.
The Analyzer module handles overall system operation and analysis, including the Web Interface and RDBMS. It provides user-defined event ruleset analysis and dashboard management, statistics and report management, analysis policy management, and system management functions.
The Agent module is divided into CollectorForAgent and ProxyForAgent. It collects logs from the information system through SNMP, syslog, file, DB integration, FTP, SFTP, command execution, etc., and transmits them to the Collector module.
CollectorForAgent and ProxyForAgent have the same default functions, but are distinguished by whether their transmission target is the Collector or another Agent.
