SysFlow: Scalable system telemetry for improved security analytics
Release
Frederico Araujo and Teryl Taylor
A cloud-native system telemetry framework that enables the creation of security analytics on a scalable, pluggable open-source platform.
Our team's work has been developed into Threat Investigator, a beta capability of IBM Cloud Pak for Security. Threat Investigator finds cases that warrant investigation and automatically starts investigating: it fetches the artifacts attached to each case, completes several rounds of data mining, and then generates a timeline and a MITRE ATT&CK chain graph of the incident.
Our innovations in real-time network traffic analysis are regularly incorporated into new capabilities for IBM QRadar Network Insights.