Frequently Asked Questions
1. Why CYBERQUEST?
CYBERQUEST is a sophisticated platform that sits on top of all security-related data, applications, sensors and servers, defined as a Security-Driven Analytics platform or “Next Generation SIEM”. It gathers valuable data from multiple technology sources and empowers users to take actionable, critical decisions in real time to keep the company safe.
Main benefits of the solution:
- suitable for SMBs as well as Enterprise
- predictable, with no hidden costs, lowering the TCO
- unlimited flexibility for log/application data
- no vendor lock-in, non-SQL database
- end-to-end fast deployment
- GDPR compliance, fit per industry standards
- single point of access to all data
- reduces investigation time by up to 10 times
2. How is CYBERQUEST licensed?
The CYBERQUEST solution is available on a Subscription basis or with a Perpetual licence for on-premise deployments.
The licensing is based on CPU Cores.
The commercial editions are: Logger, Light, Advanced, Enterprise and Ultimate.
For more detailed information, please follow the link: CYBERQUEST Licensing and Versioning
3. What are the system requirements for CYBERQUEST?
CYBERQUEST is a virtual appliance but can be installed as a physical appliance as well.
For detailed system requirements, please follow the link: Minimum system requirements
4. How can I download the demo version of CYBERQUEST?
You can download the latest demo release of the Nextgen Software product from https://nextgensoftware.eu/.
5. Is there an online demo of CYBERQUEST?
You can check the CYBERQUEST demos by accessing the link: https://demo.cyberquest.cloud/users/login
6. How can I contact the CYBERQUEST support team?
Service requests can be submitted through https://support.nextgensoftware.solutions/ or by email at firstname.lastname@example.org.
7. What is the log record structure for CYBERQUEST?
CYBERQUEST events can have the following fields (the group column is shown where the source states it):
| Group | Field | Type | Description |
| --- | --- | --- | --- |
| | DestIP_Country_Code | string | country code of DestIP |
| | DestIP_Country_Name | string | country name of DestIP |
| | DestMAC | string | destination MAC address |
| | IsIncident | boolean | whether the event is categorized as a security incident |
| | N1 ... N40 | long | general purpose numeric fields |
| | PostDtsSHA256 | string | log hash after passing through the Data Transformation Service |
| | PreDtsSHA256 | string | log hash before passing through the Data Transformation Service |
| | S1 ... S150 | string | general purpose string fields |
| | SrcIP_Country_Code | string | country code of SrcIP |
| | SrcIP_Country_Name | string | country name of SrcIP |
| | SrcMAC | string | source MAC address |
| | TimeOfDay | long | time of day |
| _Timestamp | SkewedOffset | long | the difference between real time and machine time |
| _Timestamp | Time | long | the number of seconds, as a scalar real number, that have passed since 00:00:00 UTC on Thursday, 1 January 1970 |
| _Timestamp | TimeZoneOffSet | long | adding the 80 seconds to the GMT |
| _Timestamp | isDST | boolean | whether summer time (DST) is applied or not |
| _agent | GUID | string | agent globally unique identifier |
| _agent | Name | string | the name of the agent concerned |
| _agent | Site | string | the location of the agent concerned |
| | Criticality | long | security level (rating) |
| | GeoLat | GEO | decoded latitude from IP address |
| | Name | string | the actual name of the asset |
| | Site | string | the location where it happened (city) |
| | GeoLong | GEO | decoded longitude from IP address |
| _attack | DestIP | string | destination IP: the IP address of the device to which the packet is being sent |
| _attack | GeoCity | string | decoded city from IP address |
| _attack | GeoCountry | string | decoded country from IP address |
| _attack | Host | string | a computer or other device that communicates with other hosts on a network, including clients and servers that send or receive data, services or applications |
| _attack | GeoLat | GEO | decoded latitude from IP address |
| _attack | GeoLong | GEO | decoded longitude from IP address |
| _attack | Method | string | a particular procedure for accomplishing or approaching something, especially a systematic or established one |
| _attack | Object | string | network objects are used to categorize IP addresses into different types of network entities |
| _attack | OtherInfo | string | other information about our network |
| _attack | Result | boolean | the result of the attack |
| _attack | SrcIP | string | source IP: the IP (Internet Protocol) address of the device sending the IP packet (the IP unit of data transfer) |
| _attack | TriggeredRule | string | used to define the conditions under which a trigger action is executed |
| _dataSource | Name | string | the name of the data source |
| _dataSource | SecurityAppliance | string | physical name of the data source |
| _event | Category | string | a category assigned by CYBERQUEST to each event |
| _event | SourceObject | string | the origin of the object (more precisely, where it comes from) |
| _event | SourceUser | string | the origin of the user (more precisely, where it comes from) |
| _event | SubCategory | string | a subcategory assigned by CYBERQUEST to each event, depending on the main category |
| _event | TargetObject | string | the destination of the object (more precisely, where it goes) |
| _event | TargetUser | string | the destination of the user (more precisely, where it goes) |
| _event | URL | string | Uniform Resource Locator, a way of identifying the location of a file on the internet, for events |
| _forensics | What | string | describes the action |
| _forensics | Where | string | describes the location where the event occurred |
| _forensics | Who | string | describes who created the event |
| _forensics | Why | string | describes why the event was created |
| _geoLocation | DestIPGeoCountry | string | destination IP coordinates of the country |
| _geoLocation | DestIPGeoPoint | geo_point | destination IP coordinates of the point |
| _geoLocation | DestIPGeocity | string | destination IP coordinates of the city |
| _geoLocation | SrcIPGeoCountry | string | source IP coordinates of the country |
| _geoLocation | SrcIPGeoPoint | geo_point | source IP coordinates of the point |
| _geoLocation | SrcIPGeocity | string | source IP coordinates of the city |
| _incident | Category | string | a category assigned by CYBERQUEST to each incident |
| _incident | Impact | string | a measure of the extent of the incident and of the potential damage caused by it before it can be resolved |
| _incident | Score | long | an incident is an unplanned situation where an IT service is or will be interrupted or degraded in quality |
| _incident | SubCategory | string | a subcategory assigned by CYBERQUEST to each incident, depending on the main category |
| _malware | DeliveryMethod | string | delivery method (mail, file etc.) |
| | PostNATDestIPv4 | ip | destination IP (IPv4) after network address translation |
| | PostNATDestIPv6 | string | destination IP (IPv6) after network address translation |
| | PostNATDestPort | long | destination port after network address translation |
| | PostNATSrcIPv4 | ip | source IP (IPv4) after network address translation |
| | PostNATSrcIPv6 | string | source IP (IPv6) after network address translation |
| | PostNATSrcPort | long | source port after network address translation |
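As an added example (not CYBERQUEST's own code), a small Python validator that checks an event record against a subset of the field types in the table above, including the numbered N1 ... N40 and S1 ... S150 ranges, and re-computes PreDtsSHA256 from the raw log line so a tampered or mis-parsed record is flagged before it is stored. The dotted group.field key form, the per-type checks, the geo_point shape and the hash input are assumptions of this example.

```python
import hashlib
import ipaddress
import re
import uuid
# Field types copied from the CYBERQUEST record structure above (a subset). The dotted
# "group.field" keys, the per-type checks and the geo_point shape are assumptions.
SCHEMA = {"IsIncident": "boolean", "PreDtsSHA256": "string", "_Timestamp.Time": "long",
          "_Timestamp.SkewedOffset": "long", "_agent.GUID": "GUID", "_attack.SrcIP": "string",
          "_geoLocation.SrcIPGeoPoint": "geo_point", "PostNATSrcIPv4": "ip", "PostNATSrcPort": "long"}
# General-purpose fields N1..N40 (long) and S1..S150 (string) from the same table.
GENERIC = [(re.compile(r"^N([1-9]|[1-3]\d|40)$"), "long"),
           (re.compile(r"^S([1-9]|[1-9]\d|1[0-4]\d|150)$"), "string")]
CHECKS = {"string": lambda v: isinstance(v, str),
          "long": lambda v: isinstance(v, int) and not isinstance(v, bool),
          "boolean": lambda v: isinstance(v, bool),
          "ip": lambda v: isinstance(v, str) and ipaddress.ip_address(v) is not None,
          "GUID": lambda v: uuid.UUID(str(v)) is not None,
          "geo_point": lambda v: -90 <= v["lat"] <= 90 and -180 <= v["lon"] <= 180}

def field_type(name):
    """Documented type of a field, or None if the schema does not define it."""
    return SCHEMA.get(name) or next((t for rx, t in GENERIC if rx.match(name)), None)

def conforms(value, ftype):
    """True if value is a valid instance of the documented type name."""
    try:
        return bool(CHECKS[ftype](value))
    except (ValueError, KeyError, TypeError):
        return False

def validate_event(event, raw_log):
    """List the problems in one record (empty list = well-formed). Assumes that
    PreDtsSHA256 is the SHA-256 hex digest of the raw log line's UTF-8 bytes."""
    problems = []
    for name, value in event.items():
        ftype = field_type(name)
        if ftype is None:
            problems.append(f"{name}: unknown field")
        elif not conforms(value, ftype):
            problems.append(f"{name}: expected {ftype}")
    if event.get("PreDtsSHA256") != hashlib.sha256(raw_log.encode()).hexdigest():
        problems.append("PreDtsSHA256: does not match raw log")
    return problems

# Constructed sample: a firewall line and the record a collector might build from it.
RAW_LOG = "<134>Jan  1 00:00:00 fw01 drop src=203.0.113.5 dst=198.51.100.7 dpt=443"
SAMPLE = {"IsIncident": False, "_Timestamp.Time": 1700000000, "_Timestamp.SkewedOffset": -3,
          "_agent.GUID": str(uuid.uuid4()), "_attack.SrcIP": "203.0.113.5", "N3": 7, "S150": "ok",
          "_geoLocation.SrcIPGeoPoint": {"lat": 44.43, "lon": 26.10}, "PostNATSrcIPv4": "198.51.100.7",
          "PostNATSrcPort": 443, "PreDtsSHA256": hashlib.sha256(RAW_LOG.encode()).hexdigest()}
```

Calling validate_event(SAMPLE, RAW_LOG) returns an empty list; a record with N3 given as a string, an out-of-range S151 field or a malformed PostNATSrcIPv4 is reported field by field.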