An Open Source Incident Management and Response Platform
Cyphon eliminates the headaches of incident management by streamlining a multitude of related tasks through a single platform. It receives, processes and triages events to provide an all-encompassing solution for your analytic workflow — aggregating data, bundling and prioritizing alerts, and empowering analysts to investigate and document incidents.
Incident Management Solution
Many businesses rely on emails to manage alert notifications, which leaves their networks susceptible to overlooked incidents, alert fatigue and knowledge drain. Cyphon closes gaps in data management by collecting detailed information from a variety of sources – including email, log messages, APIs, social media and more. By giving analysts complete access to all these data sources through one platform, Cyphon maximizes data coverage while minimizing the time and energy needed to monitor networks.
When alerts are triggered, analysts can investigate the incident directly through Cyphon. They can quickly view the type of activity encountered, its geographic origin and criticality level. With the click of a button, they can dive deeper into the data to find logs related to the incident. This reduces the time and effort needed to investigate an alert, allowing analysts to work more efficiently — and incidents to be remediated more quickly.
Cyphon is more than another SIEM or data collection tool. It is an all-in-one incident management solution that integrates with other APIs to streamline your workflow. Out of the box, Cyphon allows analysts to escalate and share issues with their team members and annotate alerts with the results of their analysis. This provides full transparency to your operations center or security staff, while also building a valuable knowledge base for your organization.
Aggregate data from numerous sources: email, log messages, APIs, social media and more
Single pane of glass view instead of multiple dashboards
Generate custom alerts with push notifications
View incidents by criticality level
Investigate alerts and track work performed
To help your organization make the most of Cyphon, we’ve developed Cyclops – a user interface for managing alerts. Cyclops allows you to easily view, assign and investigate Cyphon alerts. It provides an “eye” into your data, enabling you to respond to issues quickly and effectively.
Deployment
Cyphon works with the help of several open source projects. To get Cyphon up and running, you'll need to install all of its dependencies. We've simplified this process by using Docker, which allows you to easily deploy an application as a set of microservices. We've created a set of Docker Compose files for running Cyphon in both development and production environments. This allows you to quickly install and run Cyphon and the other services it uses, including:
Interested in trying Cyphon? Download our virtual machine image, which boots up preconfigured with everything you need to get started.
Use the form below to contact us regarding Cyphon. Dunbar Cybersecurity maintains the Cyphon project and offers support subscriptions. If you have a bug to report or a feature request, or would like to contribute new source code, please visit our GitHub page. If you need help using Cyphon, check out our community forum on Gitter.