Data Integration Guide

This guide explains how to use the SNYPR connector libraries to create connections and ingest activity and enrichment data from antivirus tools, DLP, IAM tools, web proxy, SIEM, third-party intelligence, email security, operating systems, enterprise applications, and more to support the out-of-the-box and custom use cases in your environment.

SNYPR Overview

SNYPR is a big data security analytics platform built on Hadoop that utilizes Securonix machine-learning-based anomaly detection techniques and threat models to detect sophisticated cyber and insider attacks. SNYPR uses Hadoop both as its distributed security analytics engine and long-term data retention engine. Hadoop nodes can be added as needed, allowing the solution to scale horizontally to support hundreds of thousands of events per second (EPS).

SNYPR features:

  • Supports a rich variety of security data, including security event logs, user identity data, access privileges, threat intelligence, asset metadata, and netflow data.
  • Normalizes, indexes, and correlates security event logs, network flows, and application transactions.
  • Utilizes machine learning-based anomaly detection techniques, including behavior profiling, peer group analytics, pattern analysis, and event rarity to detect advanced threats.
  • Provides out-of-the-box threat and risk models for detection and prioritization of insider threat, cyber threat, and fraud.
  • Risk-ranks entities involved in threats to enable an entity-centric (user or devices) approach to mitigating threats.
  • Provides Spotter, a blazing-fast search feature with normalized search syntax that enables investigators to investigate today’s threats and track advanced persistent threats over long periods of time, with all data available at all times.

Documentation Conventions

There are different font styles used throughout the SNYPR documentation to indicate specific information. The table below describes the common formatting conventions used in the documentation:

Convention: Description

Bold font: Words in bold can indicate the following:

  • Buttons that you need to click
  • Fields in the user interface (UI)
  • Menu options in the UI
  • Information you need to type or select

Monospace font: Indicates commands or code.

Menu navigation: The navigation path to reach a specific screen in the UI is separated by a greater than symbol (>). For example, Menu > Administration.

UPPERCASE FONT: All uppercase words are acronyms.

Folders and folder paths: Quotation marks are used around a folder name or folder path. For example, “C:\Documents\UserGuide”.

Note: You can click any image online to make the image bigger or easier to read.

Additional Resources

If you require additional information, the following guides are available:

Document Name: Audience

RIN Installation Guide:

  • On-boarding team and deployment engineers who need to install the RIN to connect to the SNYPR application to ingest data.

Content Guide:

  • Data Integrators and deployment engineers who need to use existing connectors to import data and deploy available content.
  • Content developers who need to use the out-of-the-box content to detect the threats to your organization.

Analytics Guide:

  • Content developers who need to use the existing content and custom analytics available in the SNYPR platform to develop use cases to detect the threats to your organization.

Security Analyst Guide:

  • Information security professionals and security analysts who need to detect and manage threats.
  • Risk and compliance officers and IT specialists who need to use SNYPR reporting capabilities to monitor and remediate compliance.

Access Analytics Guide:

  • Information security professionals and security analysts who need to detect and remediate high-risk access due to orphaned accounts, privilege creep, or account compromise.
  • Compliance officers and data owners who need to review and remediate access for privilege creep, SOD violations, and orphaned accounts.

Administrator Guide:

  • System administrators and service providers who need information about how to monitor and administer the platform at a systems level.
  • Business managers and other users in a supervisory role who need information about how to use SNYPR to grant employees and partners access to applications, check for policy violations, and manage cases.

Web Services Guide:

  • Developers who need to communicate to SNYPR using the REST APIs.