Smart Monitor Modules
Core
The foundational module of SM. It coordinates the interaction of other platform modules and provides a single point of access to their functions. Includes an analytical core that implements the SML query language. Based on the SML syntax, it accesses data arrays in various repositories using the Smart Monitor universal search technology.
APM
The module is designed for building a comprehensive monitoring system for microservice architecture based on OpenTelemetry traces. It allows tracking service interactions, diagnosing problems, and responding to incidents in real time.
Advanced Log Manager
The module is designed for monitoring and analyzing logs. It features flexible access settings and a powerful filtering system. It allows downloading log file content from servers, including viewing and downloading data, as well as uploading files from local devices for further processing. It provides data monitoring, search functionality within log file contents, and displays formatted records with timestamps and identifiers for convenient analysis.
Apache Kafka
This module is intended to monitor the state of an Apache Kafka cluster and manage its components. It tracks various Apache Kafka functional parameters (performance, throughput, lag, resource usage, state of every broker and topic) and manages topic configuration.
Cyber Security
This module allows you to receive information about the operation of all necessary information security tools (IST) of domestic and foreign production from a single console. The module implements correlation mechanisms between events of various ISTs, which allows identifying information security events that are not detected by any single IST.
Incident Manager
The Incident Manager module is a functional solution for managing the lifecycle of incidents in information security, IT infrastructure, anomalous user behavior, and business process errors. The main purpose of the module is to record important events as incidents, as well as to organize the process and provide tools for managing identified incidents.
Inventory
The Inventory module allows you to create a unified database of assets (servers, workstations, network devices, information systems, cluster infrastructure objects) and users, as well as maintain this database in an up-to-date state.
Kubernetes
This module is intended to monitor the state of a Kubernetes cluster and manage its components. It provides detailed information about cluster components (nodes, pods, containers, replica sets) and tools to manage the state of the server, nodes and various cluster resources, and it allows executing terminal commands inside Kubernetes pods via the Smart Monitor interface.
MITRE ATT&CK
This module allows you to apply various MITRE ATT&CK scenarios in the protected infrastructure. For example, you can assess the coverage of techniques with instrumental controls, form specialized threat models and apply them to IT landscape components, and detect potential use of techniques based on events from data sources.
Microsoft Active Directory
This module is designed to manage core domain services and user accounts. For example, it stores information about domain administrators and local administrators, identifies accounts that have not logged in for a certain period of time, etc.
Microsoft Exchange
This module manages the operation of the main mail server services and analyzes email flow. It also allows auditing access to mailboxes, instances of mail forwarding, auto-replies, etc. Thanks to the Microsoft Exchange module, the user can easily detect and analyze anomalies in mail traffic.
Network
The Network module is designed for thorough monitoring of network equipment and responding to possible changes in its network and configurations. The module automatically collects and analyzes data, allowing you to quickly detect a problem and fix it in a timely manner.
Servers
The Servers module aims to optimize resources and control efficiency. It monitors and analyzes server processes and resource utilization (including CPU, memory, and disk activity).
Smart Code
The module is designed for comprehensive monitoring of the Continent network security complex and the Secret Net Studio endpoint protection system. It allows monitoring component status, analyzing events, and detecting computer incidents.
Smart EDR
The module combines the capabilities of Smart Monitor and BI.ZONE EDR for advanced threat monitoring, attack detection, and rapid response to cybersecurity incidents.
Threat Intelligence
The module provides integration of Smart Monitor with IoC data sources and enables automatic enrichment of events and incidents, as well as identifying additional incidents based on interactions with compromise indicators in the infrastructure.
User Behavior Analytics
This module provides mechanisms for detecting deviations in the behavior of different types of objects: users, hosts, administrators, information systems, business processes, etc. The universal scoring mechanism allows you to identify potential attackers, compromised accounts, calculate the cybersecurity index, analyze operational efficiency and work discipline, and combat fraud.
VMware
This module is intended to monitor the components of the system housing the VMware installation and manage them. It allows tracking the current configuration, state and resource load of the cluster, VMware hosts and virtual machines, and managing hosts, virtual machines and their snapshots.
Zabbix
The Zabbix module extends the capabilities of Smart Monitor by providing connection to an existing Zabbix monitoring system. The integration allows centralizing infrastructure control, analyzing incident causes, and using common event correlation scenarios.