Architecture and Data Flows
Conceptual Diagram
The diagram reflects the main capabilities of the module.

Data Sources
The table lists the indexes and directories used by the module. The data source is the BI.ZONE EDR server.
| Name | Source Type | Integration Type | Data Category | Semantics |
|---|---|---|---|---|
| bizone-irp-alerts-* | index | kafka | events | Threat detection rule alerts |
| bizone-irp-other-* | index | kafka | events | Preventive threat detection rule alerts |
| bizone-telemetry-* | index | kafka | events | Telemetry: 1. Process monitoring and inventory; 2. Inter-process communication, threads, and memory monitoring; 3. File system monitoring and inventory; 4. Registry monitoring and inventory; 5. Network activity monitoring and inventory; 6. Named pipe monitoring and inventory; 7. .NET monitoring; 8. User session monitoring and inventory; 9. ... |
| bizone-server-log-* | index | kafka | events | System log of the BI.ZONE EDR server and connected agents |
| bizone-tasks-result-event-* | index | kafka | events | Results of tasks executed by the EDR module |
| bizone-entity-actions-* | index | REST API | events | Server audit log: authorization on the BI.ZONE EDR server, management of tasks and agents |
| bizone-entity-agents-* | index | REST API | directory | Servers and workstations where agents are installed |
| bizone-entity-agentusers-* | index | REST API | directory | Local users on agents |
| bizone-entity-alerts-* | index | REST API | directory | Alert metadata |
| bizone-entity-modules-* | index | REST API | directory | Available modules |
| bizone-entity-tasks-* | index | REST API | directory | Available tasks |
| bizone-entity-triggers-* | index | REST API | events | Registered triggers |
| bizone-entity-users-* | index | REST API | directory | BI.ZONE EDR users |
| dim_bizone_host | directory | scheduled job | directory | Properties of servers and workstations where agents are installed, based on the bizone-entity-agents-* index |
| dim_bizone_task | directory | scheduled job | directory | Task properties, based on the bizone-entity-tasks-* index |
| dim_bizone_rule | directory | csv | directory | Threat detection rules |
| bizone_alert_setting | directory | manually managed | directory | Controls incident registration based on threat detection rule alerts |
| link_bizone_alert_severity_incident_severity | directory | static | relationship | Mapping of alert criticality categories to incident criticality |