Features

Get all the power of Onum

Gain complete control over your data, including real-time observation, filtering, enrichment, and orchestration ― all while reducing costs and optimizing your current data storage and analytics platforms.

Reduce your costs

Data reduction

Onum allows you to control and align the data you send based on the value it delivers to your organization. Each dataset has specific requirements, such as performance needs and retention time. Onum enables you to send each piece of data to the appropriate destination by condensing it into the most efficient format for each analytics tool and by eliminating or reducing complete events and/or fields that are not relevant to you.

Likewise, for some data, you don't know whether you'll need it in the future. In these cases, you can use the archive option, and Onum will save that data in inexpensive storage rather than requiring you to send it to your analytics platform and store it there. Whenever needed, you can easily rehydrate the data by selecting the time period and desired fields. This way, you only pay your analytics platform for the data you actually use, when you use it.

Onum allows you to reduce your raw data through our user interface with operations such as:

  • Convert JSON to CSV
  • Remove field names
  • Remove decimals and float numbers
  • Hash large fields while maintaining uniqueness
  • Condense field names

  • Removing events

    Removing Events

    You can filter by any portion of the event content. If you have verbose events from a data source that you don't need in your data lake, you can filter them out, either temporarily or permanently, with just a few clicks.

  • Remove unnecessary fields

    Unnecessary fields

    There are fields in the events that you don't need for your daily work. Remove them and activate them only when needed.

  • Fields transformations

    Field Transformation (hashes)

    Sometimes there are sessions, cookies, or very verbose pieces of content that don't need to be stored in their entirety. To maintain compliance, you can create a hash of them and then search your data lake using the hash if needed.

  • Field names

    Removing field names

    Many manufacturers use the same field names for different information in their logs. The Onum Platform allows you to create a positional log, enabling the platform to determine the content based on the position of the field within the log. It will be transparent in your data lake and, in many cases, you can save more than 50% of the original message.

  • Compacting formats

    Compacting format

    Manufacturers don't design logs to be optimal. We help you find the best way to optimize the format to minimize space requirements without losing any information.

  • Aggregation

    Logs Added (Flow)

    Sometimes you don't need the level of granularity that’s provided in the logs. A good example of this is NetFlow, which sends a considerable number of logs for the same source and destination to detail the activity. Onum can aggregate this content to dramatically reduce how much is being sent (e.g., it can be programmed to send only one out of every 10 logs, helping you reduce the number of frames by 90%) without losing any information other than the granularity.

Enrich your data

Enrichment

Onum enables you to mix your real-time data with semi-static or dynamic data. These operations extend the fields that are in your events to conduct lookups across a wide variety of data sources. It also enables you to easily develop your own lookups.

    • CMDB Enrichment

      CMDB

      You can upload your CMDB and apply all necessary operations to the fields that are being sent in real time.

    • GEOIP

      GEOIP

      Onum includes a geolocation database, updated daily, that you can apply to your IP addresses to learn details about them (e.g., country, city, ASN, or DNS).

    • Private GEOIP

      Private GEOIP

      You can upload your private IP addresses to apply the same operations in the event that you don’t have them in your CMDB.

    • IOC

      IOC

      Onum compiles all published Indicators of Compromise (IOCs) so that you can enrich your events with this information and increase your intelligence levels, thereby enabling you to reduce your response time to attacks.

    • Customized lookups

      Customized Lookups

      Often the information you need for enrichment, such as application identifiers or conversions from ID to email, can’t be found in any public source. In these cases, Onum enables you to upload your own lookups so that you can enrich whatever you need.

    Routing and orchestration

    Onum enables you to take full control of your data. You can combine multiple analytics platforms and send each piece of data to the appropriate destination.

    With just a few clicks, the Onum routing engine lets you determine what data to send to each analytics platform, as well as when, which columns, and what timeframes will be covered.

    You can send the same data to multiple destinations, subsets of data to separate analytics platforms for specialized analysis, or combine several platforms or storage environments to gain the greatest value from each.

    All actions taken with your data will be tracked and audited using Onum’s compliance & control system to provide you with full visibility of what data you have sent and where, as well as when and why you sent it.

    Compliance & Control

    Onum puts you in full control over your data by showing you, in granular detail, exactly what you did with the data over time. As a result, you’ll have a full, accurate picture of what data stream you sent at any moment in time ― from pure real-time to any moment in the past. You’ll know what analytics platform or data storage environment you sent it to, the exact period of time you sent it, what columns or fields were sent, the data types that were included, and more.

    Fidelity Data Lake

    Some use cases require you to make a copy of the original data before manipulating or transforming it in any way. Onum can do that by storing a copy of your original data in a tamper-proof, inexpensive storage environment. To keep your data available for any requirement, such as inspection by regulatory auditors or law enforcement, Onum keeps the data fully encrypted, with a digital timestamp signature from an external and independent timestamp authority.

    Long-Term Storage

    Not all data has the same needs, and the requirement for retention is no exception. With Onum, you can keep a portion of the data in any analytics platform, or even dispersed between multiple analytics platforms, and keep the same data stored for a much longer period of time in our long-term retention (LTR). Onum long-term retention is an inexpensive storage environment that provides you with full access to your data at any time.

    You can rehydrate the data from our LTR to any analytics platform at any moment. You have full control over what events, columns, or periods to put back into your Devo, Splunk, or S3 environment; or you can just download the file with the required data.

    Onum LTR also allows you to place strict limits on what gets rehydrated and put back into your analytics platform, restricting it to only the data that matches your specific criteria (e.g., matches a regex). This enables you to ensure that the smallest amount of data gets put back, so you only pay for the portion of data you really need, and only when you really need it.

    Data Rehydration

    Onum filtering allows you to delete data that doesn’t have any value or is too small an amount to send anywhere. In addition, for any data that you’re either not 100% sure you’ll need in the future, or that you know you’ll need but only infrequently, Onum gives you the option to archive it in inexpensive storage, rather than in expensive data analytics platforms.

    For this data, Onum’s long-term retention (LTR) capabilities can be used via the user interface at any time. Using Onum LTR, you can extract any portion of the data (e.g., full events or fields) spanning any time period and rehydrate it into your analytics platform, cloud storage environment, or just a file.

    During the rehydration process, you can set filters to only extract the data that matches specific conditions.

    This will allow you to send less data to your analytics platform to further reduce costs, or have more room for new data workloads.

    Artificial Intelligence SIEM/Analytics Analysis

    It’s often difficult to tell the most valuable, heavily used datasets from those that aren't. The Onum artificial intelligence (AI) module solves this challenge by analyzing how you’ve historically used your analytics platform (you can specify any period of time). It will then tell you what data you haven’t queried for a while (e.g., for the past 12 months); the table fields you don’t use, or rarely use; and the datasets you have only used in the most recent periods (e.g., the firewall table that you’ve only used in the past week).

    The Onum AI module creates a report with recommendations that you can accept, reject, or modify to delete data, send it to a different platform, or place it into long-term storage. You can execute this module as often as you want, enabling you to keep all of your data and costs under control by maintaining data fidelity and ensuring that each dataset continues to flow to the correct destination.
