Integration Documentation
Ask or search…
K

Data Sync

Netacea has the capability of providing a feed of mitigated traffic using N/ Data Sync.

N/ Data Sync

N/ Data Sync delivers a real time stream of bots detected using zero-latency integrations with log capture tools and other threat or risk feeds.
Netacea provide a N/ Detection Feed of all mitigated threats to the customer for reporting purposes. This allows the customer to get visibility into what traffic has been blocked at the integration point​. The data can then be used in correlation with other SIEM feeds to gain better insight into the overall customer security posture​.
The data can be supplied to the customer by either placing messages onto a Kinesis stream or by placing the information into an S3 bucket for the customer to ingest.
On the basis that this will be for forensic purposes and not real-time blocking, Data Sync information will typically be updated on a periodic basis rather than instantaneously.
Data Sync Flow
  1. 1.
    The visitor requests the site protected by Netacea.
  2. 2.
    The Netacea plugin will query the Netacea Protector API service to check if the visitor is known to be malicious or safe.
  3. 3.
    A copy of the web request is passed as log data for analysis using our collective threat intelligence, machine learning and behavioral analysis to determine if the request is safe.
  4. 4.
    N/ Detection Engine analyses every request and re-evaluates the status of every visitor. Any visitors/potential visitors identified as threats by N/ Detection Engine are added to the Targeted Threat List ready for the next request from that visitor​.
  5. 5.
    Analysis results are published for the Netacea plugin to read and determine what mitigation strategy should be used for this traffic.
  6. 6.
    Netacea then distributes the list of all mitigative actions to the customer. All threats detected are made available either as a regular file drop or via a Kinesis stream.​
  7. 7.
    The information is imported into existing threat management systems for reporting purposes.
  8. 8.
    If the requests are benign, they are passed to the origin as normal.
  9. 9.
    If the requests require a mitigation to take place, the appropriate action is taken and served to the client.