Developers: NGR Softlab (Enjiar Softlab)
Last Release Date: 2024/08/20
Technology: MDM - Master Data Management; Information Security - Security Information and Event Management (SIEM)
2024: Alertix 3.6.3 with SAYT concept
NGR Softlab has released an updated version of the Alertix SIEM solution - 3.6.3. The changes are aimed at improving the convenience and efficiency of using the platform. The company announced this on August 20, 2024.
The updates affect the interface, the event review functionality and the detection components of the platform. Alertix 3.6.3 introduces the SAYT (Search-as-you-type) concept and improves the event query logic to speed up search. It adds the ability to edit filters created from events, either manually or in a quick mode, and, in the resource table, the ability to set the responsible person, the presence of vulnerabilities and other criteria.
In this version, access to key information has become more convenient: aggregator fields are shown on a separate tab of each event. A quick full-text search by clicking on a value is also available, which speeds up the investigation of suspicions and free-form searching for signs of incidents.
In addition, an Alertix Agents Infrastructure Coverage Assessment page has been added to identify the hosts on which the agent still needs to be installed and to define exceptions. The detection components have been improved: the Signal service now uses uniform verification mechanisms for all rule types, and Anomaly Detection (UEBA) now allows disabling detection rules and changing the criticality of generated events. The service cache has been optimized to improve performance.
Alertix 3.6.3 also changes the design of pages and menu items and adds tooltips to make the platform more intuitive to use.
"We are constantly improving Alertix to provide our customers with the most effective tool for detecting and investigating information security incidents. When developing the new version 3.6.3, we focused on simplifying work with the platform, speeding up incident analysis processes and increasing the level of security," said Dmitry Pudov, Deputy General Director of NGR Softlab.
2023
Alertix 3.6.0 with Agent Status Color Indicator
In the updated version of the Alertix SIEM platform, the approach to distributing updates has changed: components can now be updated within a major version without upgrading the entire platform. Any version of a component can be updated or rolled back directly from the web interface, which allows features and fixes to be delivered to users faster. This was announced on December 7, 2023 by NGR Softlab (Enjiar Softlab).
Agent management has become clearer thanks to the redesigned interface: a color indicator of agent status has been added, icons of installed modules are shown, and mass operations are now available on the Alertix agent group management page.
Event reception management in the SIEM platform has been improved: for Syslog and SNMP receivers, connecting non-standard sources has been simplified. Event search has been improved, in particular by adding the ability to connect third-party (non-platform) clusters; search and correlation over their data are available as well.
The changes also affected the behavioral analysis module in Alertix: a new page for visualizing UEBA user analytics appeared, which presents statistics on the results of the service: anomalies for the week, the top 5 most suspicious users, hosts, processes, as well as the number of anomalies in the context of behavior profiles. In the configuration, you can exclude hosts from anomaly search and temporarily disable the recording of found anomalies.
The list of integrations available out of the box has expanded: information about vulnerabilities and inventory can now be replenished based on data from the RedCheck scanner.
"The release of Alertix 3.6.0 implements the wishes of customers and partners collected during joint work," said Dmitry Pudov, CEO of NGR Softlab. "We approached the improvements of our SIEM system in detail, presenting the market with functionality that allows information security departments to increase their efficiency and productivity without the need for significant investments."
The Alertix security event monitoring platform adapts to current changes and to the transition of many organizations to Russian operating systems. In the updated version, the SIEM system has been supplemented with a large number of detection rules for Linux systems (a total of 187 correlation rules and 75 supported sources are available out of the box). Alertix holds FSTEC Certificate of Conformity No. 4596, valid until 2027.
Alertix 3.5.0 with Integrated Agent for Linux and Windows
On June 22, 2023, NGR Softlab announced the update of the Alertix SIEM system to version 3.5.0. It includes improvements to the main application functionality and interface, optimization of event reception management from sources, and system-wide changes. These are intended to improve the security of customers' IT infrastructure and increase the efficiency of information security personnel.
This version of the Alertix platform integrates a single NGR Softlab proprietary agent for both Linux and Windows systems. This improves ease of use and centralized configuration management of the solution, and significantly expands the ability to collect events on Linux OS.
Integration with vulnerability scanners has been implemented. The obtained data replenishes the inventory database, and the platform also monitors the emergence of new vulnerabilities on hosts and notifies about them. Among the solutions supported for integration are popular Russian-made scanners.
When correlation rules trigger frequently, the results are aggregated into one suspicion, after which the information security analyst is notified. All detected facts are attached to the suspicion and the frequency of their occurrence is indicated. This makes the work of staff investigating detections easier and substantially reduces the number of notifications that require a response.
An investigation support tool, the Analyst Notebook, has been added. It is intended to help reduce one of the key performance metrics of a monitoring center, TTC (Time-to-Maintain). The Notebook is a system of interactive notes recorded during incident investigations or free-form searches. Customized page filters, queries, indicators of compromise, links and files are combined into a single tool from which they can be quickly recalled or searched. The collected indicators can be checked with one click in the Whois, VirusTotal and AbuseIPDB services.
Support for loading IOC files in STIX format has been added. This standard for describing and distributing indicators of compromise supplements the previously supported CSV files. Indicator collection has also been extended: manual upload of files in the platform interface is supported.
This version of Alertix also adds the ability to use a third-party PostgreSQL database service. When installing the product, you can now specify a server with an existing DBMS rather than installing it on the platform host.
"We did a lot of work during the preparation of the new version of Alertix," commented Dmitry Pudov, CEO of NGR Softlab. "The wishes of partners and customers on pilots were collected, which made it possible to approach the update of the SIEM system in detail. One of our key tasks is to provide the market with solutions with the maximum level of security and consistent with current information security trends."
2022
FSTEC Certificate for Alertix SIEM System
On November 23, 2022, the Russian developer of information security solutions NGR Softlab announced the receipt of the FSTEC certificate for the Alertix Security Event Monitoring Platform.
The Alertix platform is designed to collect and process data from various sources in the organization's IT infrastructure and to search for unwanted events and information security incidents.
It incorporates the practices of one of the SOC centers in Russia. These technologies are now available to customers not only as a service, but also as a standalone product installed inside the organization's infrastructure.
The FSTEC certificate confirms that Alertix can be used in state information systems, at critical information infrastructure facilities, in automated production and process control systems, and in public information systems that process restricted-access information, including personal data and other types of confidential information.
Certificate of Conformity No. 4596 is included in the state register of the information protection certification system and is valid until November 18, 2027. It confirms compliance with the information security requirements for the fourth level of trust.
"We have done a lot of work in response to the request of our partners and customers. The certificate confirms that our SIEM system Alertix is marked with a 'quality mark' and meets all the necessary requirements of the regulator. This will allow offering the solution to customers and partners from different fields in order to ensure that they meet the requirements of the regulator and the maximum level of security," comments Dmitry Pudov, General Director of NGR Softlab.
Release of update 3.3.1 with reduced hardware requirements
On September 6, 2022, NGR Softlab announced the release of update 3.3.1 of the Alertix SIEM system, which is designed to collect and store events and to automatically identify and record information security incidents.
In this version, the developer reduced the hardware requirements of the product and improved the incident detection process: the auto-inventory service and the event browser gained new capabilities, and control over the reception of information from various data sources was improved.
To reduce the load on the client infrastructure and increase the performance of the system, NGR Softlab almost halved the hardware requirements for the storage components (Data-cluster) and event receivers. In addition, the Data-cluster parameters are now determined dynamically at installation time, and the data flow can be scaled depending on the available resources.
In the settings of the service that replenishes inventory information and monitoring data, users can automatically control the arrival of events from connected sources. The developer has also added prompt notifications to the service: when a new host or new activity is found in the subnets, a message is sent through the integrated services, for example Email, Telegram or other methods chosen by the user.
To simplify keeping inventory information up to date, NGR Softlab added an inactivity period setting for agents and IP addresses, after which they are removed from the database. On the subnet activity page, you can view the details of the hosts that the auto-inventory service detected in incoming events.
Alertix UX/UI has also been improved by revising the design and the mechanisms for visualizing process startup graphs, and by adding the ability to visualize network connections together with file and registry operations.
The configuration parameters of the service for the State System for Detection, Prevention and Elimination of Consequences of Computer Attacks now make it possible to enable tracking of new incoming messages in the personal account and to use several email addresses to notify users when incoming messages are received.
"Our company responds quickly to the needs of the market, and in response to the requests of customers and partners we have done our work to reduce the burden on the IT infrastructure and increase productivity. We strive to provide the market with the best solutions in terms of total cost of ownership that provide our customers with the maximum level of security," said Dmitry Pudov, CEO of NGR Softlab.
Update Release 3.2.2
On May 6, 2022, the Russian developer NGR Softlab announced that it had prepared update 3.2.2 for the Alertix platform. The software is designed to monitor information security events, identify and record incidents, investigate them and notify regulators.
This is a minor update, but a large one in terms of the volume of changes: stability and architecture issues have been resolved, the Anomaly Detection service has been introduced, and the UI/UX and platform functionality have been improved.
The introduction of the Anomaly Detection behavioral analytics service, of the User and Entity Behavior Analytics class, makes it possible to track deviations of user, host and process behavior from the "normal" across 46 profiles. From detected anomalous user behavior, suspicions can be quickly created in the incident accounting service, either manually or when anomaly records are used by the correlation service.
To protect Alertix from possible errors, data overwriting and corruption of backups, the rotation, backup and data update mechanisms have been improved. NGR Softlab also optimized the update cycle mechanisms to reduce the time spent by Alertix administrators and the likelihood of errors.
Interface updates include expanded search capabilities in the host browser and more convenient monitoring of the background tasks that generate tags for enriching and marking events and prioritizing IT assets. To simplify diagnostics and give one-click access to technical support, the "About the program" page now allows uploading a compressed package of all platform logs (logs dump).
"We analyze the operation of our software and continue to improve both the functional component and the interface to provide our customers with ease of use. We consider the prompt implementation of modules and systems for detecting illegitimate actions in the customer's infrastructure to be an important guideline in the work of NGR Softlab. The company's experts strive to develop the platform's capabilities and provide tools in response to the changing threat landscape," noted Dmitry Pudov, CEO of NGR Softlab.
2021: Inclusion in the Unified Register of Russian Programs
On July 6, 2021, it became known that the Alertix solution of the Russian developer NGR Softlab had been included in the Unified Register of Russian programs for electronic computers and databases.
The software was assigned number 2021612428 under the main class "Monitoring and management system" and the additional class "Decision Support Tools (DSS)".
The Alertix platform is a universal tool for collecting and processing data, searching for and automatically flagging unwanted events or combinations thereof, and visualizing the dynamics and values of stored data. The solution can be used for IT system log management (LM), IT and information security monitoring (SOC, NOC), support of change management processes, and any other processes that require data-driven decision support.
The Alertix platform was designed and developed to provide commercial SOC services in accordance with the requirements of experienced information security analysts. The primary goal of the development was to provide a genuinely fast and convenient tool for searching large amounts of data, which reduces the duration of investigations and helps collect the necessary facts.
"NGR Softlab registered all three of its products in the Register of Domestic Software. For us, this event is an important stage in the framework of a long-term strategy to strengthen our presence and achieve leadership in the Russian market for information security solutions, which we are primarily focused on. The company seeks to analyze trends and anticipate the needs of customers who confront information security challenges," comments Dmitry Pudov, CEO of NGR Softlab.