Frequently Asked Questions
1. Why CYBERQUEST?
CYBERQUEST is a platform that sits on top of all security-related data, applications, sensors and servers, defined as a Security-Driven Analytics platform or "Next Generation SIEM". It gathers valuable data from multiple technology sources and empowers users to take actionable, critical decisions in real time to keep the company safe.
Main benefits of the solution:
- suitable for SMBs as well as Enterprise
- predictable & no hidden costs – lowering the TCO
- unlimited flexibility for log/application data
- no vendor lock-in, non-SQL database
- End-to-End Fast Deployment
- GDPR Compliance – fit per industry standards
- single point of access to all data
- reduces investigation time up to 10 times
2. How is CYBERQUEST licensed?
CYBERQUEST is available with Subscription or Perpetual licensing for on-premise deployment.
The licensing is based on CPU Cores.
The commercial editions are: Logger, Light, Advanced, Enterprise and Ultimate.
To check more detailed information please follow the link: CYBERQUEST Licensing and Versioning
3. What are the system requirements for CYBERQUEST?
CYBERQUEST is a virtual appliance but can be installed as a physical appliance as well.
To check detailed system requirements please follow the link: Minimum system requirements
4. How could I download the demo version of CYBERQUEST?
You can download the latest demo release of the Nextgen Software product from https://nextgensoftware.eu/.
5. How can I contact CYBERQUEST support team?
Service requests can be accessed through https://support.nextgensoftware.solutions/ or by email at support@nextgensoftware.solutions.
6. What is the Log Record Structure for CYBERQUEST?
CYBERQUEST events can have the following fields:
| Category | Field | Type | Description |
|---|---|---|---|
| Generic Fields | CapturedImage | binary | |
| | Category | string | category |
| | Computer | string | computer name |
| | Description | string | description |
| | DestIP | string | DestIP |
| | DestIP_Country_Code | string | country code of DestIP |
| | DestIP_Country_Name | string | country name of DestIP |
| | DestMAC | string | destination MAC address |
| | EventID | long | event ID |
| | EventLog | string | event log |
| | EventPath | string | event path |
| | EventType | long | event type |
| | GMT | date | GMT |
| | ID | string | ID |
| | IP | string | IP |
| | IsIncident | boolean | whether the event is categorized as a security incident |
| | LocalTime | date | local time |
| | N1 ... N40 | long | general purpose numeric fields |
| | PlatformID | string | platform ID |
| | PostDtsSHA256 | string | log hash after passing through the Data Transformation Service |
| | PreDtsSHA256 | string | log hash before passing through the Data Transformation Service |
| | RawData | string | raw data |
| | ReceivedTime | date | received time |
| | S1 ... S150 | string | general purpose string fields |
| | SecondaryTag | string | secondary tag |
| | SessionID | string | session ID |
| | Source | string | source |
| | SrcIP | string | source IP |
| | SrcIP_Country_Code | string | country code of SrcIP |
| | SrcIP_Country_Name | string | country name of SrcIP |
| | SrcMAC | string | source MAC address |
| | Tag | string | tag |
| | Tenant | string | tenant |
| | TimeOfDay | long | time of day |
| | UserDomain | string | user domain |
| | UserName | string | username |
| | VersionMajor | long | version major |
| | VersionMinor | long | version minor |
| | content | string | content |
| _Timestamp | SkewedOffset | long | the difference between real time and machine time |
| | Time | long | the number of seconds, as a scalar real number, that have passed since 00:00:00 UTC Thursday, 1 January 1970 |
| | TimeZoneOffSet | long | adding the 80 seconds to the GMT |
| | isDST | boolean | whether summer time is applied or not |
| _agent | GUID | string | agent globally unique identifier |
| | Name | string | the name of the agent concerned |
| | Site | string | the location of the agent concerned |
| _asset | Application | string | application name |
| | Criticality | long | security level (rating) |
| | GeoLat | GEO | decoded latitude from IP address |
| | Name | string | the actual name of the asset |
| | Owner | string | owner name |
| | Project | string | project name |
| | SecurityValue | long | security level |
| | Site | string | the location where it happened (city) |
| | URGeoLongL | GEO | decoded longitude from IP address |
| _attack | DestIP | string | destination IP: the IP address of the device to which the packet is being sent |
| | GeoCity | string | decoded city from IP address |
| | GeoCountry | string | decoded country from IP address |
| | Host | string | a computer or other device that communicates with other hosts on a network, including clients and servers that send or receive data, services or applications |
| | GeoLat | GEO | decoded latitude from IP address |
| | GeoLong | GEO | decoded longitude from IP address |
| | Method | string | a particular procedure for accomplishing or approaching something, especially a systematic or established one |
| | Object | string | network objects are used to categorize IP addresses into different types of network entities |
| | OtherInfo | string | other information about our network |
| | Result | boolean | the result of the attack |
| | SrcIP | string | source IP: the IP (Internet Protocol) address of the device sending the IP packet (the IP unit of data transfer) |
| | TriggeredRule | string | used to define the conditions under which a trigger action is to be executed |
| _dataSource | Name | string | the name of the data source |
| | SecurityAppliance | string | physical name of the data source |
| | Version | string | the version |
| _event | Category | string | a category assigned by CYBERQUEST to each event |
| | Result | boolean | success/failed |
| | SourceObject | string | the origin of the object, more precisely where it comes from |
| | SourceUser | string | the origin of the user, more precisely where it comes from |
| | SubCategory | string | a subcategory assigned by CYBERQUEST to each event depending on the main category |
| | TargetObject | string | destination of the object, more precisely where it goes |
| | TargetUser | string | destination of the user, more precisely where it goes |
| | URL | string | Uniform Resource Locator, a way of identifying the location of a file on the internet, for events |
| _forensics | What | string | describes the action |
| | Where | string | describes the location where the event occurred |
| | Who | string | describes who created the event |
| | Why | string | describes why the event was created |
| _geoLocation | DestIPGeoCountry | string | destination IP coordinates of the country |
| | DestIPGeoPoint | geo_point | destination IP coordinates of the point |
| | DestIPGeocity | string | destination IP coordinates of the city |
| | Host | string | host |
| | SrcIPGeoCountry | string | source IP coordinates of the country |
| | SrcIPGeoPoint | geo_point | source IP coordinates of the point |
| | SrcIPGeocity | string | source IP coordinates of the city |
| _incident | Category | string | a category assigned by CYBERQUEST to each incident |
| | Impact | string | a measure of the extent of the incident and of the potential damage caused by the incident before it can be resolved |
| | Score | long | an incident is an unplanned situation where an IT service is or will be interrupted or degraded in quality |
| | SubCategory | string | a subcategory assigned by CYBERQUEST to each incident depending on the main category |
| _malware | DeliveryMethod | string | delivery method (mail, file etc.) |
| | Name | string | malware name |
| _network | AplicationName | string | application name |
| | DestIPv4 | ip | destination IP (IPv4) |
| | DestIPv6 | string | destination IP (IPv6) |
| | DestInterface | string | destination interface |
| | DestPort | long | destination port |
| | FlowID | string | NetFlow ID |
| | PostNATDestIPv4 | ip | destination IP (IPv4) after network address translation |
| | PostNATDestIPv6 | string | destination IP (IPv6) after network address translation |
| | PostNATDestPort | long | destination port after network address translation |
| | PostNATSrcIPv4 | ip | source IP (IPv4) after network address translation |
| | PostNATSrcIPv6 | string | source IP (IPv6) after network address translation |
| | PostNATSrcPort | long | source port after network address translation |
| | Protocol | string | protocol |
| | ReceivedBytes | long | received bytes |
| | SrcIPv4 | ip | source IP (IPv4) |
| | SrcIPv6 | string | source IP (IPv6) |
| | SrcInterface | string | source interface |
| | SrcPort | long | source port |
| | TransferedBytes | long | transferred bytes |
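As an added example (not CYBERQUEST's own code; the page does not describe how the product validates records), the following checks a subset of the event fields above against their listed types and normalises a constructed firewall line into that layout, computing `_Timestamp.SkewedOffset` as real time minus the sender's clock. The `{"lat", "lon"}` layout for `geo_point`, the firewall line format and the `CHECKS`/`SCHEMA` names are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timezone

def _is_ipv4(v):
    # The table types SrcIPv4/DestIPv4 as "ip"; IPv6 belongs in the *IPv6 string fields
    try:
        ipaddress.IPv4Address(v)
        return True
    except ValueError:
        return False

# Type predicates for the field types the table lists; geo_point layout is assumed
CHECKS = {
    "long": lambda v: isinstance(v, int) and not isinstance(v, bool),
    "string": lambda v: isinstance(v, str),
    "boolean": lambda v: isinstance(v, bool),
    "ip": _is_ipv4,
    "geo_point": lambda v: isinstance(v, dict) and abs(v.get("lat", 999)) <= 90 and abs(v.get("lon", 999)) <= 180,
}
# Subset of the event fields from the table, keyed by group ("Generic" = top level)
SCHEMA = {
    "Generic": {"Computer": "string", "IsIncident": "boolean", "RawData": "string"},
    "_Timestamp": {"Time": "long", "SkewedOffset": "long", "isDST": "boolean"},
    "_network": {"SrcIPv4": "ip", "DestIPv4": "ip", "SrcPort": "long",
                 "DestPort": "long", "Protocol": "string"},
    "_geoLocation": {"SrcIPGeoPoint": "geo_point"},
}

def validate_event(event):
    """Return '<group>.<field>: problem' strings; an empty list means the record conforms."""
    errors = []
    for group, fields in SCHEMA.items():
        section = event if group == "Generic" else event.get(group, {})
        for name, ftype in fields.items():
            if name not in section:
                errors.append(f"{group}.{name}: missing")
            elif not CHECKS[ftype](section[name]):
                errors.append(f"{group}.{name}: expected {ftype}")
    return errors

# Constructed sample firewall line (assumed format) and the normaliser that maps it onto the schema
FIREWALL_LINE = "2024-03-05T10:15:30Z fw01 ACCEPT TCP 10.0.0.5:51234 -> 203.0.113.10:443"
LINE_RE = re.compile(r"(\S+) (\S+) \w+ (\w+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)")

def normalise(line, machine_epoch):
    # SkewedOffset: "the difference between real time and machine time" (table above)
    ts, host, proto, sip, sport, dip, dport = LINE_RE.match(line).groups()
    real = int(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp())
    return {
        "Computer": host, "IsIncident": False, "RawData": line,
        "_Timestamp": {"Time": real, "SkewedOffset": real - machine_epoch, "isDST": False},
        "_network": {"SrcIPv4": sip, "DestIPv4": dip, "SrcPort": int(sport),
                     "DestPort": int(dport), "Protocol": proto},
        "_geoLocation": {"SrcIPGeoPoint": {"lat": 0.0, "lon": 0.0}},
    }
```

A non-empty list from `validate_event` flags records that a collector has mis-typed (an IPv6 address in an IPv4-typed field, a port stored as a string), which is worth catching before such events reach correlation rules.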
7. Alert Record Structure
CYBERQUEST alerts can have the following fields:
| Category | Field | Type | Description |
|---|---|---|---|
| Generic Fields | IP | string | IP |
| | Category | string | category |
| | Computer | string | computer name |
| | Description | string | description |
| | DestIP | string | DestIP |
| | EventID | long | event ID |
| | EventLog | string | event log |
| | EventType | long | event type |
| | GMT | date | GMT |
| | LocalTime | date | local time |
| | PlatformID | string | platform ID |
| | S1 ... S150 | string | general purpose string fields |
| | Protocol | string | protocol |
| | Destination Port | long | destination port |
| | Application name | string | application name |
| | SourcePort | string | source port |
| | Flow ID | string | NetFlow ID |
| | Source | string | source |
| | SrcIP | string | source IP: the IP (Internet Protocol) address of the device sending the IP packet (the IP unit of data transfer) |
| | Tag | string | tag |
| | VersionMajor | long | version major |
| | VersionMinor | long | version minor |
| | ReceivedTime | date | received time |
| | SecurityScore | long | security score |
| | SecurityLevel | long | security level |
| | SrcIP_Country_Code | string | country code of SrcIP |
| | SrcIP_Country_Name | string | country name of SrcIP |
| | DestIP_Country_Code | string | country code of DestIP |
| | DestIP_Country_Name | string | country name of DestIP |
| | EventPath | string | event path |
| | TimeOfDay | long | time of day |
| _network | AplicationName | string | application name |
| | DestIPv4 | ip | destination IP (IPv4) |
| | DestInterface | string | destination interface |
| | DestPort | long | destination port |
| | FlowID | string | NetFlow ID |
| | PostNATDestIPv4 | ip | destination IP (IPv4) after network address translation |
| | PostNATDestPort | long | destination port after network address translation |
| | PostNATSrcIPv4 | ip | source IP (IPv4) after network address translation |
| | PostNATSrcPort | long | source port after network address translation |
| | Protocol | string | protocol |
| | ReceivedBytes | long | received bytes |
| | SrcIPv4 | ip | source IP (IPv4) |
| | SrcInterface | string | source interface |
| | SrcPort | long | source port |
| | TransferedBytes | long | transferred bytes |
| _Timestamp | isDST | boolean | whether summer time is applied or not |
| | TimeZoneOffSet | long | adding the 80 seconds to the GMT |
| | SkewedOffset | long | the difference between real time and machine time |
| | Time | long | the number of seconds, as a scalar real number, that have passed since 00:00:00 UTC Thursday, 1 January 1970 |
| _asset | GUID | string | asset globally unique identifier |
| | Name | string | the actual name of the asset |
| | SecurityValue | long | security level |
| _event | Category | string | a category assigned by CYBERQUEST to each event |
| | SubCategory | string | a subcategory assigned by CYBERQUEST to each event depending on the main category |
| _geoLocation | SrcIPGeoCountry | string | source IP coordinates of the country |
| | SrcIPGeocity | string | source IP coordinates of the city |
| | SrcIPGeoPoint | geo_point | source IP coordinates of the point |
| | DestIPGeoCountry | string | destination IP coordinates of the country |
| | DestIPGeocity | string | destination IP coordinates of the city |
| | DestIPGeoPoint | geo_point | destination IP coordinates of the point |