IXTra Product Introduction

User environments often already have systems in place to store and manage massive amounts of log data. IXTra Rules Engine is a rules-based event monitoring platform that uses log data stored in OpenSearch, Elasticsearch, and similar systems as its data source.

After users create rules through the platform interface, the platform periodically sends requests to the OpenSearch or Elasticsearch clusters at the running interval set by each rule. A rule triggers when its conditions and thresholds are matched. When a rule triggers, the platform can automatically send emails and create work orders according to the actions set by the rule.


Main functional features

As an important functional extension of InsightX, IXTra can also be deployed independently in the user’s data architecture, helping enterprises extend the functionality of existing platforms such as log centers. IXTra provides integration and management for many third-party applications, such as SMTP, ITSM, and threat intelligence, in line with security analysis rules and scenarios.


Examples of common functions

  • Flexible interconnection with existing log clusters, ITSM and SMTP through connectors, and the ability to connect multiple data clusters and objects
  • Define rules through a highly visual rule creation guide, with customizable names, descriptions, impact levels, urgency levels, ATT&CK tactics and techniques, processing recommendations, etc.; and write compound rules with flexible query and search methods
  • A variety of response actions can be defined, such as automatic work orders, aggregated email alerts, and automatic intelligence queries, helping analysts significantly improve efficiency and automation capabilities.