Analysis Correlation Engine

image

ACE is a detection system and automation framework. The analysis engine analyzes data and presents the output to analysts in a manner that attempts to reduce the time to disposition to as close to zero as possible. ACE adheres to a defined design philosophy in an attempt to achieve this goal.

ACE was designed to handle the ordinary, manual, redundant, and repetitive tasks of collecting, combining, and relating data. A contextual and intuitive presentation of all the important data is used to allow for a quick high confidence determination.

Recursive Analysis; Presentation

Tools (some included in ACE) send analysis requests to ACE which then takes whatever is given and recursively analyzes the data. These requests may already be alerts that require additional correlation, or they may be something that could correlate into becoming an alert.

ACE is the implementation of a proven detection strategy, a framework for automating analysis, a central platform to launch and manage incident response activates, an email scanner, and more.

Base functionality provides the following: