Frequently Asked Questions
1. Why CYBERQUEST?
CYBERQUEST is a sophisticated platform that sits on top of all security-related data/applications/sensors/servers, Defined as a Security-Driven Analytics platform or “Next Generation SIEM”. It gathers valuable data from multiple technology sources and empowers users to take actionable, critical decisions in real-time to keep the company safety.
Main benefits of the solution:
- suitable for SMBs as well as Enterprise
- predictable & no hidden costs – lowering the TCO
- unlimited flexibility for log/application data
- no vendor lock, non-SQL Database
- End-to-End Fast Deployment
- GDPR Compliance – fit per industry standards
- single point of access to all data
- reduces investigation time up to 10 times
2. How CYBERQUEST is licensed?
CYBERQUEST solution is available with Subscription or Perpetual for On-premise.
The licensing is based on CPU Cores.
The commercial editions are: Logger, Light, Advanced, Enterprise and Ultimate.
To check more detailed information please follow the link: CYBERQUEST Licensing and Versioning
3. What are the system requirements for CYBERQUEST?
CYBERQUEST is a virtual appliance but can be installed as a physical appliance as well.
To check detailed system requirements please follow the link: Minimum system requirements
4. How could I download the demo version of CYBERQUEST?
You can download the latest release demo version for Nextgen Software product on https://nextgensoftware.eu/.
5. How can I contact CYBERQUEST support team?
Service requests can be accessed through https://support.nextgensoftware.solutions/ or by email at support@nextgensoftware.solutions.
6. What is a Log Records Structure for CYBERQUEST?
CYBERQUEST events can have the follwing fields:
| Category | Field | Type | Description |
|---|---|---|---|
| Generic Fields | CapturedImage | binary | |
| Category | string | category | |
| Computer | string | computer name | |
| Description | string | description | |
| DestIP | string | DestIP | |
| DestIP_Country_Code | string | country code of DestIP | |
| DestIP_Country_Name | string | country name of DestIP | |
| DestMAC | string | destination MAC address | |
| EventID | long | event ID | |
| EventLog | string | event log | |
| EventPath | string | event path | |
| EventType | long | event type | |
| GMT | date | GMT | |
| ID | string | ID | |
| IP | string | IP | |
| IsIncident | boolean | if the event is categorized as security incident | |
| LocalTime | date | local time | |
| N1 ... N40 | long | general purpose numeric fields | |
| PlatformID | string | platform id | |
| PostDtsSHA256 | string | log hash after passing through Data Transformation Service | |
| PreDtsSHA256 | string | log hash before passing through Data Transformation Service | |
| RawData | string | raw data | |
| ReceivedTime | date | received time | |
| S1 ... S150 | string | general purpose string fields | |
| SecondaryTag | string | secondary tag | |
| SessionID | string | session ID | |
| Source | string | source | |
| SrcIP | string | source IP | |
| SrcIP_Country_Code | string | country code of SrcIP | |
| SrcIP_Country_Name | string | country name of SrcIP | |
| SrcMAC | string | source MAC address | |
| Tag | string | tag | |
| Tenant | string | tenant | |
| TimeOfDay | long | time of day | |
| UserDomain | string | user domain | |
| UserName | string | username | |
| VersionMajor | long | version major | |
| VersionMinor | long | version minor | |
| content | string | content | |
| _Timestamp | SkewedOffset | long | the difference between real time and machine time |
| Time | long | it is the number of seconds ... as a scalar real number which represents the number of seconds that have passed since 00:00:00 UTC Thursday, 1 January 1970 | |
| TimeZoneOffSet | long | adding the 80 seconds to the GMT | |
| isDST | boolean | the summer time if applied or not | |
| _agent | GUID | string | agent globally unique identifier |
| Name | string | the name of that agent concerned | |
| Site | string | the location of the agent concerned | |
| _asset | Application | string | application name |
| Criticality | long | security level (rating) | |
| GeoLat | GEO | decoded latitude from IP address | |
| Name | string | the actual name of asset | |
| Owner | string | Owner name | |
| Project | string | project name | |
| SecurityValue | long | security level | |
| Site | string | the location where it happened (city) | |
| URGeoLongL | GEO | decoded longitude from IP address | |
| _attack | DestIP | string | destination IP is the IP address of the device to which the packet is being sent. |
| GeoCity | string | decoded City from IP address | |
| GeoCountry | string | decoded Country from IP address | |
| Host | string | is a computer or other device that communicates with other hosts on a network, include clients and servers -- that send or receive data, services or applications | |
| GeoLat | GEO | decoded latitude from IP address | |
| GeoLong | GEO | decoded longitude from IP address | |
| Method | string | is a particular procedure for accomplishing or approaching something, especially a systematic or established one. | |
| Object | string | network objects are used to categorize IP addresses into different types of network entities | |
| OtherInfo | String | other information about our network | |
| Result | boolean | the result of the attack | |
| SrcIP | string | source IP is the IP (Internet Protocol) address of the device sending the IP packet (the IP unit of data transfer). | |
| TriggeredRule | string | is use to define conditions under which a trigger action is to be executed. | |
| _dataSource | Name | string | the name of the data source |
| SecurityAppliance | string | physical name of the data source | |
| Version | string | the version | |
| _event | Category | string | a category is assigned by CYBERQUEST for each event |
| Result | boolean | success/failed | |
| SourceObject | string | the origin of the object more accurate where it comes from | |
| SourceUser | string | the origin of the user more accurate where it comes from | |
| SubCategory | string | a Subcategory is assigned by CYBERQUEST for each event depending on the main category | |
| TargetObject | string | destination of the object more accurate where it goes | |
| TargetUser | string | destination of the user more accurate where it goes | |
| URL | string | Uniform Resource Locator is a way of identifying the location of a file on the internet for events | |
| _forensics | What | string | describes the action |
| Where | string | describes the location where the event occurred | |
| Who | string | describes who created the event | |
| Why | string | describes why the event was created | |
| _geoLocation | DestIPGeoCountry | string | destination IP coordinates of the country |
| DestIPGeoPoint | geo_point | destination IP coordinates of the point | |
| DestIPGeocity | string | destination IP coordinates of the city | |
| Host | string | host | |
| SrcIPGeoCountry | string | source IP coordinates of the country | |
| SrcIPGeoPoint | geo_point | source IP coordinates of the point | |
| SrcIPGeocity | string | source IP coordinates of the city | |
| _incident | Category | string | a category is assigned by CYBERQUEST for each incident |
| Impact | string | it is measure of the extent of the Incident and of the potential damage caused by the Incident before it can be resolved. | |
| Score | long | an incident is an unplanned situation where an IT service is or will be interrupted or degraded in quality | |
| SubCategory | string | a Subcategory is assigned by CYBERQUEST for each incident depending on the main category | |
| _malware | DeliveryMethod | string | deliveryMethod (mail, file etc...) |
| Name | string | malware name | |
| _network | AplicationName | string | application name |
| DestIPv4 | ip | destination IP(IPv4) | |
| DestIPv6 | string | destination IP(IPv6) | |
| DestInterface | string | destination interface | |
| DestPort | long | destination port | |
| FlowID | string | NetflowID | |
| PostNATDestIPv4 | ip | destination IP(IPv4) after network translation | |
| PostNATDestIPv6 | string | destination IP(IPv6) after network translation | |
| PostNATDestPort | long | destination port after network translation | |
| PostNATSrcIPv4 | ip | source IP(IPv4) after network translation | |
| PostNATSrcIPv6 | string | source IP(IPv6) after network translation | |
| PostNATSrcPort | long | source port after network translation | |
| Protocol | string | protocol | |
| ReceivedBytes | long | received bytes | |
| SrcIPv4 | ip | destination IP(IPv4) | |
| SrcIPv6 | string | source IP(IPv6) | |
| SrcInterface | string | source interface | |
| SrcPort | long | source port | |
| TransferedBytes | long | transferred bytes |
7. Alert Records Structure
CYBERQUEST Alerts can have the follwing fields:
| Category | Field | Type | Description |
|---|---|---|---|
| Generic Fields | IP | string | IP |
| Category | string | category | |
| Computer | string | computer name | |
| Description | string | description | |
| DestIP | string | DestIP | |
| EventID | long | event ID | |
| EventLog | string | event log | |
| EventType | long | event type | |
| GMT | date | GMT | |
| LocalTime | date | local time | |
| PlatformID | string | platform ID | |
| S1...S150 | string | general purpose string fields | |
| Protocol | string | protocol | |
| Destination Port | long | destination port | |
| Application name | string | application name | |
| SourcePort | string | source port | |
| Flow ID | string | NetflowID | |
| Source | string | source | |
| SrcIP | string | source IP is the IP (Internet Protocol) address of the device sending the IP packet (the IP unit of data transfer) | |
| Tag | string | tag | |
| VersionMajor | long | version major | |
| VersionMinor | long | version minor | |
| ReceivedTime | date | received time | |
| SecurityScore | long | security score | |
| SecurityLevel | long | security level | |
| SrcIP_Country_Code | string | country code of SrcIP | |
| SrcIP_Country_Name | string | country name of SrcIP | |
| DestIP_Country_Code | string | country code of DestIP | |
| DestIP_Country_Name | string | country name of DestIP | |
| EventPath | string | event path | |
| TimeOfDay | long | time of day | |
| _network | AplicationName | string | application name |
| DestIPv4 | ip | destination IP(IPv4) | |
| DestInterface | string | destination interface | |
| DestPort | long | destination port | |
| FlowID | string | NetflowID | |
| PostNATDestIPv4 | ip | destination IP(IPv4) after network translation | |
| PostNATDestPort | long | destination port after network translation | |
| PostNATSrcIPv4 | ip | source IP(IPv4) after network translation | |
| PostNATSrcPort | long | source port after network translation | |
| Protocol | string | protocol | |
| ReceivedBytes | long | received bytes | |
| SrcIPv4 | ip | destination IP(IPv4) | |
| SrcInterface | string | source interface | |
| SrcPort | long | source port | |
| TransferedBytes | long | transferred bytes | |
| _Timestamp | isDST | boolean | the summer time if applied or not |
| TimeZoneOffSet | long | adding the 80 seconds to the GMT | |
| SkewedOffset | long | the difference between real time and machine time | |
| Time | long | it is the number of seconds, as a scalar real number which represents the number of seconds that have passed since 00:00:00 UTC Thursday, 1 January 1970 | |
| _asset | GUID | string | asset globally unique identifier |
| Name | string | the actual name of asset | |
| SecurityValue | long | security level | |
| _event | Category | string | a category is assigned by CYBERQUEST for each event |
| SubCategory | string | a Subcategory is assigned by CYBERQUEST for each event depending on the main category | |
| _geoLocation | SrcIPGeoCountry | string | source IP coordinates of the country |
| SrcIPGeocity | string | source IP coordinates of the city | |
| SrcIPGeoPoint | geo_point | source IP coordinates of the point | |
| DestIPGeoCountry | string | destination IP coordinates of the country | |
| DestIPGeocity | string | destination IP coordinates of the city | |
| DestIPGeoPoint | geo_point | destination IP coordinates of the point |