Difference between revisions of "KHIKA Components"

(Created page with "KHIKA, the Big Data Network data lake and SIEM platform comprises of various components explained below === KHIKA Data Aggregator === === KHIKA Messaging Layer === === KHIKA...")
 
(KHIKA Data Aggregator)
Line 2: Line 2:
  
 
=== KHIKA Data Aggregator ===
 
=== KHIKA Data Aggregator ===
 +
KHIKA Data Aggregator is responsible for gathering the data from various end nodes such as servers, network devices (routers, switches, firewalls etc) , storage devices, sensors etc. It receives the data in the protocol supported by the end device (eg. syslog, ssh, agent based, OPSEC, LEA, SQL etc), converts it in the [[KHIKA Data Format]], encrypts it, compresses it and relays it back to KHIKA Messaging Layer for further processing and persistent storage.
 +
*In case of servers/computers, we can install the agent on the end-node that sends the data back to KHIKA Data Aggregator in encrypted and compressed form, or even agentless data collection is also possible. [[We highly recommend installing an Agent on the node to be monitored|Why does KHIKA recommend installing OSSEC Agent?]].
 +
*In case of network devices, the data will be pushed by the end-node to the KHIKA Data Aggregator using the supported protocols such as syslog, opsec, LEA, SNMP, FTP etc.
 +
 +
It is advised to install the Data Aggregator 'near' the end node, preferably in the same data center/location where the end-nodes are located.
 +
 
=== KHIKA Messaging Layer ===
 
=== KHIKA Messaging Layer ===
 
=== KHIKA Compute Layer ===
 
=== KHIKA Compute Layer ===
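Review bot: In the added servers/computers bullet, the wiki link has its two halves in the wrong order. `[[We highly recommend installing an Agent on the node to be monitored|Why does KHIKA recommend installing OSSEC Agent?]]` makes the recommendation sentence the link target and the question the visible label, so the rendered bullet ends in a dangling question followed by a stray period. Assuming the page to link to is the one titled "Why does KHIKA recommend installing OSSEC Agent?", put that title before the `|` and the recommendation sentence after it, and drop the extra "." after the closing brackets. The added paragraph also says the aggregator "encrypts it, compresses it" in that order. Encrypted data compresses poorly, so if compression actually happens first, the text should list the steps in the real order. The new bullets also spell the same protocol "OPSEC" in one place and "opsec" in another; use one form.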

Revision as of 04:33, 19 June 2019

KHIKA, the Big Data Network data lake and SIEM platform, comprises the various components explained below.

KHIKA Data Aggregator

The KHIKA Data Aggregator is responsible for gathering data from various end nodes such as servers, network devices (routers, switches, firewalls, etc.), storage devices, sensors, etc. It receives the data in the protocol supported by the end device (e.g. syslog, SSH, agent-based, OPSEC, LEA, SQL, etc.), converts it into the KHIKA Data Format, encrypts it, compresses it and relays it to the KHIKA Messaging Layer for further processing and persistent storage.

  • For servers/computers, an agent can be installed on the end node; it sends the data back to the KHIKA Data Aggregator in encrypted and compressed form. Agentless data collection is also possible. Why does KHIKA recommend installing OSSEC Agent?
  • For network devices, the end node pushes the data to the KHIKA Data Aggregator using a supported protocol such as syslog, OPSEC, LEA, SNMP, FTP, etc.

It is advised to install the Data Aggregator 'near' the end nodes, preferably in the same data center/location where the end nodes are located.

KHIKA Messaging Layer

KHIKA Compute Layer

KHIKA Indexer and Search head

KHIKA Enrichment Engine

KHIKA Correlation Engine

KHIKA Reporting Engine

KHIKA miscellaneous workers

KHIKA Storage

KHIKA GUI