Stronger will your defense be with Stamus.
The RYOD (Run Your Own Defense) containers are Linux containers that allow the owner of a probe to deploy specific software and tasks to analyze the logs, alerts and outputs generated by the probe in a separate manner and fashion. These containers are isolated and secured from the main platform. This permits for separation of duties execution in a secure approach without a risk of accidental contamination or information destruction within an organization. Containers can have a flexible quota applied onto in term of resources (CPU, hard drive, memory) to limit the potential impact of a resource intensive task on the probe.
One container can be dedicated to the connection to the organizations specific SIEM deployment. In this case, it can use standard JSON logging as input/output and send this to the SIEM with the method corresponding to the product you are using.
The main advantage of RYOD containers is that they empower you. You can access the data generated by the appliance and use them to run your own separate data analysis and digestion tasks – ideal place to deploy Indicator Of Compromise.
