Nybble Analytics is a SIEM platform built on top of open-source stream-processing frameworks and open standards.
Stream Processing Framework
Nybble is based on the Apache Flink stream-processing framework, which has a rich set of features that make it an ideal candidate to be the core of a SIEM platform.
Apache Flink provides basic SIEM features like real-time analysis, scalability and high availability, but also more advanced features like savepoints (which can allow retro-analysis) or complex event processing.
Additionally, Flink works on a Kappa architecture, which means that besides being able to work with streams, it is also possible to work with batches and provide reporting features.
MISP is a free and open source threat sharing platform, using the MISP standard for threat intelligence sharing. MISP allows automation of threat definition and sharing and is compatible with many other standards like STIX, OpenIOC, ...
The Nybble platform can be interconnected with MISP to enrich security events with Cyber Threat Intelligence previously gathered and shared by analysts.
TheHive is a free and open source Security Incident Response Platform allowing collaborative management of security incidents, advanced and fast investigation and Active Response thanks to Cortex Analyzers.
TheHive is also integrated with MISP, which makes TheHive able to consume Cyber Threat Intelligence from MISP and also produce Cyber Threat Intelligence that will be used by the Nybble platform.
The purpose of integrating the Nybble Platform with MISP, TheHive and open standards like Sigma is to be able to constantly produce and consume Cyber Threat Intelligence.
Those standards make it easy to share IOCs found during investigations, rules created following a security incident or intelligence gathered during the whole process, and finally enhance the detection capabilities.
Intelligence can be shared only internally or also externally with other companies:
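The enrichment step described in the MISP paragraph above and the produce/consume loop described here, as an added Python example that is not Nybble's, MISP's or TheHive's own code: it indexes the `to_ids` attributes of a MISP-style event export, tags incoming security events with the MISP events whose indicators they match, and turns an analyst finding back into a MISP attribute ready to be shared. The indicators, event UUID and sample events are constructed placeholders; the field-to-attribute-type mapping is an assumption about the event schema.

```python
"""Enrich security events with MISP-style threat intelligence (added example).

The indicators, UUID and events below are constructed sample data, not real
MISP content or Nybble platform code. The attribute shape
(type / value / category / to_ids) follows the MISP JSON event format.
"""

# Constructed sample: a minimal MISP event export (only the fields used here).
MISP_EVENTS = [
    {
        "Event": {
            "uuid": "00000000-0000-0000-0000-000000000001",  # placeholder uuid
            "info": "Constructed sample: credential-phishing campaign",
            "threat_level_id": "2",
            "Attribute": [
                {"type": "domain", "value": "login-update.example",
                 "category": "Network activity", "to_ids": True},
                {"type": "ip-dst", "value": "203.0.113.45",
                 "category": "Network activity", "to_ids": True},
                {"type": "sha256",
                 "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
                 "category": "Payload delivery", "to_ids": True},
                {"type": "comment", "value": "analyst note, not an indicator",
                 "category": "Other", "to_ids": False},
            ],
        }
    }
]

# Assumed event schema: which event field is compared against which MISP attribute type.
EVENT_FIELD_TO_MISP_TYPE = {
    "dst_ip": "ip-dst",
    "dns_query": "domain",
    "file_sha256": "sha256",
}


def build_ioc_index(misp_events):
    """Index to_ids attributes as (type, value) -> list of originating MISP events."""
    index = {}
    for wrapper in misp_events:
        ev = wrapper["Event"]
        for attr in ev["Attribute"]:
            if not attr.get("to_ids"):
                continue  # analyst notes and context are not detection indicators
            key = (attr["type"], attr["value"].lower())
            index.setdefault(key, []).append(
                {"uuid": ev["uuid"], "info": ev["info"],
                 "threat_level_id": ev["threat_level_id"]}
            )
    return index


def enrich_event(event, index):
    """Return a copy of the event with a 'cti' list of matched MISP events attached."""
    enriched = dict(event)
    matches = []
    for field_name, misp_type in EVENT_FIELD_TO_MISP_TYPE.items():
        value = event.get(field_name)
        if value is None:
            continue
        # Case-insensitive match so 'LOGIN-UPDATE.example' hits the lower-cased indicator.
        for hit in index.get((misp_type, str(value).lower()), []):
            matches.append({"field": field_name, "ioc_type": misp_type, **hit})
    enriched["cti"] = matches
    enriched["cti_matched"] = bool(matches)
    return enriched


def finding_to_misp_attribute(ioc_type, value, comment):
    """Produce side: turn an analyst finding into a MISP attribute dict ready to push back."""
    category = "Payload delivery" if ioc_type in ("md5", "sha1", "sha256") else "Network activity"
    return {"type": ioc_type, "value": value, "category": category,
            "to_ids": True, "comment": comment}


# Constructed sample events as a stream pipeline would see them.
SAMPLE_EVENTS = [
    {"id": 1, "src_ip": "10.0.0.5", "dst_ip": "203.0.113.45",
     "dns_query": "LOGIN-UPDATE.example"},
    {"id": 2, "src_ip": "10.0.0.9", "dst_ip": "198.51.100.7"},
    {"id": 3, "file_sha256":
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]

if __name__ == "__main__":
    idx = build_ioc_index(MISP_EVENTS)
    for ev in SAMPLE_EVENTS:
        out = enrich_event(ev, idx)
        print(out["id"], out["cti_matched"], [m["ioc_type"] for m in out["cti"]])
```

Only attributes flagged `to_ids` are indexed, so free-text analyst context in a MISP event never becomes a detection indicator; the `threat_level_id` carried along with each match is what a downstream alerting rule would use to prioritise the enriched event.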