The power of CDAP lies in its ability to ingest the actions reported by cyber products under test or in training environments, correlate them with indicators observed through independent sources, and verify whether pre-defined thresholds have been met.
The Centralized Data Analysis Platform (CDAP) is the analysis tool used to automate the monitoring and verification of systems and networks. To enable quick and comprehensive analysis of network infrastructure, Blue Cloak builds CDAP on an open source software stack that integrates different data sources. CDAP is a multi-node cluster running the Hadoop ecosystem, with a master node and worker (slave) nodes. Apache NiFi, together with custom code, processes and indexes custom data such as application logs, database logs and system logs. All processed data are indexed and stored in Elasticsearch for quick metadata queries. Raw network packets are stored in the Hadoop Distributed File System (HDFS) and can be exported as necessary.
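The correlate-and-verify step described above, shown as an added example in Python. This is not CDAP code and does not reflect Blue Cloak's implementation; the record layouts (a product action with host, indicator and action; a NetFlow-like sensor record with src, dst and bytes), the field names, the 60-second correlation window, the sample data and the threshold values are all assumptions made for illustration. The sample flows and actions are constructed, and use TEST-NET addresses as the "known-bad" indicators.

```python
"""Correlate actions reported by a product under test with indicator sightings
from an independent sensor, then check pre-defined thresholds.

Added example, not CDAP code. The record layouts, field names, sample data
and threshold values below are assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class ProductAction:
    """Assumed layout of an action reported by the product under test."""
    ts: datetime
    host: str        # protected host the action applied to
    indicator: str   # IP or domain the product acted on
    action: str      # e.g. "blocked", "alerted"


@dataclass(frozen=True)
class SensorFlow:
    """Assumed layout of a flow seen by an independent sensor (NetFlow-like)."""
    ts: datetime
    src: str
    dst: str
    bytes: int


def correlate(actions: Iterable[ProductAction], flows: Iterable[SensorFlow],
              indicators: Set[str], window: timedelta = timedelta(seconds=60)) -> Dict[str, dict]:
    """For every indicator the sensor saw a host contact, decide whether the
    product reported an action on that (host, indicator) pair within `window`.
    Returns {indicator: {"observed": n, "detected": m, "missed": [hosts]}}."""
    # Index product actions by (host, indicator) so each flow is a dict lookup,
    # not a scan over every action.
    by_pair: Dict[Tuple[str, str], List[datetime]] = {}
    for a in actions:
        by_pair.setdefault((a.host, a.indicator), []).append(a.ts)

    result: Dict[str, dict] = {}
    for f in flows:
        if f.dst not in indicators:
            continue  # benign destination: not part of the test
        entry = result.setdefault(f.dst, {"observed": 0, "detected": 0, "missed": []})
        entry["observed"] += 1
        stamps = by_pair.get((f.src, f.dst), [])
        # An action counts only if it follows the flow within the window:
        # an action logged before the traffic existed cannot be a response to it.
        if any(f.ts <= t <= f.ts + window for t in stamps):
            entry["detected"] += 1
        else:
            entry["missed"].append(f.src)
    return result


def detection_rate(entry: dict) -> float:
    return entry["detected"] / entry["observed"] if entry["observed"] else 0.0


def verify(result: Dict[str, dict], thresholds: Dict[str, float]) -> Dict[str, bool]:
    """thresholds: {indicator: minimum detection rate}. Returns {indicator: bool}.
    An indicator with a threshold but no sensor observations fails: no traffic
    reached it, so the test produced no evidence either way."""
    return {ind: (result.get(ind) is not None and detection_rate(result[ind]) >= minimum)
            for ind, minimum in thresholds.items()}


# ---- constructed sample data (not captured from any real system) ----
T0 = datetime(2024, 1, 1, 12, 0, 0)
INDICATORS = {"203.0.113.5", "198.51.100.7"}  # assumed known-bad IPs (TEST-NET ranges)

SENSOR_FLOWS = [
    SensorFlow(T0, "10.0.0.11", "203.0.113.5", 1200),
    SensorFlow(T0 + timedelta(seconds=5), "10.0.0.12", "203.0.113.5", 800),
    SensorFlow(T0 + timedelta(seconds=10), "10.0.0.13", "203.0.113.5", 950),
    SensorFlow(T0 + timedelta(seconds=20), "10.0.0.11", "198.51.100.7", 400),
    SensorFlow(T0 + timedelta(seconds=25), "10.0.0.14", "192.0.2.80", 5000),  # benign
]
PRODUCT_ACTIONS = [
    ProductAction(T0 + timedelta(seconds=2), "10.0.0.11", "203.0.113.5", "blocked"),
    ProductAction(T0 + timedelta(seconds=7), "10.0.0.12", "203.0.113.5", "blocked"),
    # late: 90 s after the flow, outside the 60 s window
    ProductAction(T0 + timedelta(seconds=100), "10.0.0.13", "203.0.113.5", "alerted"),
    # stale: logged before the traffic, so not a response to it
    ProductAction(T0 - timedelta(seconds=30), "10.0.0.11", "198.51.100.7", "blocked"),
]
THRESHOLDS = {"203.0.113.5": 0.66, "198.51.100.7": 1.0}  # assumed pass criteria


def run_example() -> Tuple[Dict[str, dict], Dict[str, bool]]:
    result = correlate(PRODUCT_ACTIONS, SENSOR_FLOWS, INDICATORS)
    return result, verify(result, THRESHOLDS)


if __name__ == "__main__":
    res, verdict = run_example()
    for ind, e in res.items():
        print(f"{ind}: {e['detected']}/{e['observed']} detected, missed on {e['missed']}")
    print("thresholds met:", verdict)
```

The two edge cases in the sample data are the ones that matter in practice: an action logged after the window closes and an action logged before the traffic was ever seen both count as misses, so a product cannot satisfy a threshold by logging indicators it never actually responded to.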
CDAP Capabilities and Benefits
- Real-time ingestion of application and system logs
- Real-time cybersecurity dashboard and cyber workbench
- Real-time ingestion, correlation, and enrichment of PCAP and NetFlow telemetry
- Real-time integration of cybersecurity feeds
- Cost-effective long-term data capture
- Increased visibility with expanded data types
- Optimization of existing log analytics solutions
- Enriched data ready for analysis
- Contextual view of data from a wide variety of real-time and batch data sources
- Big data ingest and enrichment technology that captures the full content and context of network traffic
- Standard and consistent data formats
- Reduced manual effort and custom data preparation
- An approach that brings together data science and security for modern cybersecurity