Index Definitions & Details

Stellar Cyber organizes data into indices, which helps to speed up your searches.

The following table lists the name of each index in Stellar Cyber, the name of the index in the Interflow data, the type of data collected in that index, and the source of the data.

Stellar Cyber also provides an interactive tool that lets you look up alert types by data source, alert name, event type, or source index.

Note that the index under which data is stored also helps determine how long that data is stored according to the hot and cold retention times specified for different data types in the System | Data Management | Retention Groups tab. Refer to Using the Retention Groups Tab for details on how the data types available for different retention group times map to the indices described here.

Index Interflow Name Data Source
Alerts aella-ser-*

Security events from Machine Learning, security analytics, and ATH playbooks

Assets aella-assets-* Asset data based on Stellar Cyber analytics

Connectors:

  • Acronis Cyber Protect Cloud

  • Broadcom SES

  • Cisco AMP

  • CrowdStrike

  • Cybereason

  • CYRISMA

  • Deep Instinct

  • LimaCharlie

  • SentinelOne

  • SonicWall Capture Client

  • Sophos Central

  • Thinkst Canary

  • Trellix MVISION

  • WMware Carbon Black

  • Webroot

AWS Events aella-cloudtrail-*

CloudTrail non-traffic logs

Machine Learning alerts types for this Index 

DP Monitoring aella-dp-monitor

Data Processor health status

IDPS/Malware Sandbox Events aella-maltrace-*

Firewall threats from sensors/log forwarders

Maltrace SDS/Sandbox

Machine Learning alert types for this index

Linux Events

aella-audit-*

Audit data from Linux agents

Audit data from Container sensors

Machine Learning alert types for this index

Connectors:

  • Cisco AMP

  • Google Workspace

  • Prisma Cloud (Palo Alto Networks)

  • SentinelOne

  • SonicWall Capture Client

Scans aella-scan-*

Machine Learning alert types for this index

Connectors:

  • CyberCNS

  • CYRISMA

  • Nessus

  • Qualys

  • Rapid7

  • SentinelOne

  • SonicWall Capture Client

  • Tenable.io

  • Tenable.sc

Sensor Monitoring aella-ade-*

Sensor statistics from DP Configuration Manager

Machine Learning alert types for this index

Signals aella-signals-* Sensitive events that are not attacks based on analytics or Machine Learning
Syslog aella-syslog-*

Application logs from sensor log forwarder parsers

Machine Learning alert types for this index

Connectors:

  • Acronis Cyber Protect Cloud

  • Akamai

  • Amazon Security Lake

  • AWS Cloudwatch

  • AWS GuardDuty

  • Azure Event Hub

  • Barracuda Email Security

  • BlackBerry Cylance

  • Broadcom SES

  • Broadcom (Bluecoat / Symantec) WSS

  • Box

  • Cato Networks

  • Cisco AMP

  • Cisco Umbrella

  • Cloudflare

  • CrowdStrike

  • Cybereason

  • Cynet

  • Deep Instinct

  • Duo Security

  • ExtraHop Reveal(x) 360

  • Forescout

  • Generic S3

  • Google Cloud Audit Logs

  • HanDreamnet Security Switch

  • HIBUN

  • Huntress

  • HYAS Protect

  • Imperva Incapsula

  • Indusface

  • Jamf Protect

  • JumpCloud

  • LastPass

  • LimaCharlie

  • Malwarebytes OneView

  • Microsoft Defender for Endpoint

  • Microsoft SQL Server

  • Mimecast

  • MySQL

  • Netskope WSG

  • OneLogin

  • Okta

  • Oracle Cloud Infrastructure (OCI)

  • Palo Alto Networks CORTEX XDR

  • Prisma Cloud (Palo Alto Networks)

  • Proofpoint On Demand

  • Proofpoint Targeted Attack Protection (TAP)

  • Qualys

  • Salesforce

  • SentinelOne

  • SonicWall Capture Client

  • Sophos Central

  • Symantec Email Security

  • Symantec Cloud Workload Protection

  • Thinkst Canary

  • Trellix MVISION

  • Trend Micro Apex Central

  • Trend Micro Cloud One Workload Security

  • Trend Micro Vision One

  • VMware Carbon Black

  • VMware Workspace One

  • Webroot

Traffic aella-adr-*

Flow traffic from sensors

Machine Learning alert types for this index

CloudTrail traffic

Firewall traffic logs from sensor log forwarders

DHCP server logs from sensors

Users aella-users-*

User data from analytics

Okta connector

Windows Events aella-wineventlog-*

Machine Learning alert types for this index

Active Directory connector user data

Microsoft Defender for Cloud Apps

Microsoft Entra ID (formerly Azure AD) Active Directory user data

Office 365 Active Directory user data

Windows logs from Windows agents

Windows System Security logs