Cyphon is a free-to-download, open-source incident response and alert management platform. It receives, processes, and triages events to build a more efficient and analytical workflow by:
- Aggregating the data
- Bundling and prioritizing different alerts
- Empowering analysts to investigate and document incidents
Its main capabilities are:
- Aggregating data from various sources such as email, logs, social media, and APIs
- Enhancing data with automated analyses such as GeoIP lookups
- Generating custom alerts with push notifications
- Throttling alerts and bundling related incidents
- Viewing alerts by category, priority, and source
- Investigating alerts
- Tracking the work performed
Collect the data
It is used to collect data from different sources such as emails, messages, logs, and social media. It lets users shape their data the way they want so that it becomes easier to analyze. Users are also able to enhance their data with automated analyses such as geocoding.
It creates alerts for data that is important to the user, so the user is notified when something of interest arrives. Users are also able to prioritize alerts with custom rulesets and bundle related alerts so that they do not get inundated.
Analysts can quickly investigate alerts by exploring the related data and then annotating the alerts with their findings. With the JIRA integration, users can escalate an alert by creating a ticket at the service desk.
How and where to use Cyphon
Social media monitoring
Using publicly available APIs, it can collect data from streaming sources. Searches are based on keywords, geofencing, and ad hoc parameters. It also supports the latest version of the Twitter public streams API.
Many organizations manage post-processed security events as email notifications. When the inbox fills up with alert notifications, critical issues are easily overlooked and rarely investigated.
Cyphon addresses this by throttling events and prioritizing them according to user-defined rules. Analysts can investigate incidents quickly by correlating other data sets against the indicators that matter, and then annotate the results of their analysis.
Cyphon currently supports integrations with Snort, Bro, Nessus, and many other popular security products.
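The collect, alert, and investigate workflow described above, together with the throttling and rule-based prioritization of this section, can be shown in a small triage pipeline. The following is an added example written for this page, not Cyphon's own code or API: it enriches constructed sample events with a stand-in GeoIP table, assigns category and priority from an ordered rule list, collapses repeated alerts inside a throttle window, bundles alerts that share an indicator (the source IP) into incidents, and records analyst annotations. All event data, rules, and address ranges are constructed for illustration.

```python
"""Added illustration of alert triage (not Cyphon's code): enrich, classify,
throttle, bundle, and annotate events from several sources."""
import ipaddress
from datetime import datetime, timedelta

# Constructed sample events, as they might arrive from an IDS, email, or an API.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:00", "source": "snort", "src_ip": "198.51.100.7", "msg": "ET SCAN Nmap"},
    {"ts": "2024-01-01T10:00:05", "source": "snort", "src_ip": "198.51.100.7", "msg": "ET SCAN Nmap"},
    {"ts": "2024-01-01T10:00:09", "source": "snort", "src_ip": "198.51.100.7", "msg": "ET SCAN Nmap"},
    {"ts": "2024-01-01T10:01:00", "source": "email", "src_ip": "198.51.100.7", "msg": "Nessus: critical finding"},
    {"ts": "2024-01-01T10:02:00", "source": "bro", "src_ip": "203.0.113.9", "msg": "SSL invalid cert"},
]

# Constructed stand-in for a GeoIP database (documentation address ranges only).
GEOIP_RANGES = {
    ipaddress.ip_network("198.51.100.0/24"): "Region-A",
    ipaddress.ip_network("203.0.113.0/24"): "Region-B",
}

# User-defined rules, checked in order; first match wins.
# Each rule: (predicate on the event, category, priority). Priority 1 is highest.
RULES = [
    (lambda e: "critical" in e["msg"].lower(), "vulnerability", 1),
    (lambda e: e["source"] == "snort" and "SCAN" in e["msg"], "recon", 2),
    (lambda e: e["source"] == "bro", "tls", 3),
]
DEFAULT_CLASS = ("uncategorized", 4)


def enrich(event):
    """Automated analysis step: attach a GeoIP-style region to a copy of the event."""
    ip = ipaddress.ip_address(event["src_ip"])
    region = next((r for net, r in GEOIP_RANGES.items() if ip in net), "unknown")
    return {**event, "geo": region}


def classify(event):
    """Apply the rule list and return (category, priority)."""
    for predicate, category, priority in RULES:
        if predicate(event):
            return category, priority
    return DEFAULT_CLASS


def triage(events, throttle_seconds=60):
    """Enrich and classify events; repeats of the same (source, ip, message)
    within the throttle window collapse into one alert with a hit count."""
    alerts = []
    index = {}  # fingerprint -> position of the open alert in `alerts`
    for raw in sorted(events, key=lambda e: e["ts"]):
        event = enrich(raw)
        category, priority = classify(event)
        ts = datetime.fromisoformat(event["ts"])
        key = (event["source"], event["src_ip"], event["msg"])
        if key in index:
            prev = alerts[index[key]]
            first = datetime.fromisoformat(prev["first_seen"])
            if ts - first <= timedelta(seconds=throttle_seconds):
                prev["count"] += 1
                prev["last_seen"] = event["ts"]
                continue
        alerts.append({
            "first_seen": event["ts"], "last_seen": event["ts"], "count": 1,
            "category": category, "priority": priority, "source": event["source"],
            "src_ip": event["src_ip"], "geo": event["geo"], "msg": event["msg"],
            "notes": [],
        })
        index[key] = len(alerts) - 1
    return alerts


def bundle(alerts):
    """Group alerts sharing an indicator (source IP) into incidents; each incident
    carries the highest priority of its alerts. Returned highest priority first."""
    incidents = {}
    for alert in alerts:
        inc = incidents.setdefault(alert["src_ip"], {
            "indicator": alert["src_ip"], "geo": alert["geo"], "priority": 99, "alerts": [],
        })
        inc["alerts"].append(alert)
        inc["priority"] = min(inc["priority"], alert["priority"])
    return sorted(incidents.values(), key=lambda i: i["priority"])


def by_priority(alerts):
    """Order the triage queue: highest priority first, then most hits."""
    return sorted(alerts, key=lambda a: (a["priority"], -a["count"]))


def annotate(alert, analyst, finding):
    """Record an analyst's finding on an alert so the work performed is tracked."""
    alert["notes"].append({"by": analyst, "finding": finding})
    return alert


if __name__ == "__main__":
    queue = by_priority(triage(SAMPLE_EVENTS))
    for alert in queue:
        print(alert["priority"], alert["category"], alert["src_ip"], alert["geo"], "x%d" % alert["count"])
    for inc in bundle(queue):
        print("incident", inc["indicator"], "priority", inc["priority"], "alerts", len(inc["alerts"]))
```

Running the block collapses the three identical scan events into one alert with a hit count of 3, leaves the email-delivered finding and the TLS event as separate alerts, and bundles the two alerts that share the same source IP into a single incident that inherits the highest (critical) priority. The rule list and throttle window are the parts a user would tune to match the "custom rulesets" the page describes.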
Internet of Things and Sensor Data Processing capabilities
It can also process events from any type of sensor, offering a way to analyze information coming from the physical environment.
Download Cyphon: Open Source Alert and Incident Management Tool
Cyphon is a good fit if you are writing your disaster recovery plan and want an incident management platform that is both open-source and free. You will need a virtual machine as a test environment to set it up. I personally use Grafana as it has a wider range of support and documentation online.