CyRay’s KeepAlive Service

Mobula Keep-Alive is an essential service designed to ensure the seamless operation of SIEM (Security Information and Event Management) connectors and the overall functionality of the Mobula Platform. With its advanced monitoring capabilities, Mobula Keep-Alive constantly assesses the status of connectors and critical processes, providing real-time alerts whenever a connector or process fails to report.

In today’s rapidly evolving threat landscape, organizations heavily rely on SIEM systems to detect and respond to security incidents. SIEM connectors serve as the vital link between various data sources and the SIEM platform, enabling the ingestion of logs and events for analysis. However, any disruption or malfunction in these connectors can lead to a significant gap in security monitoring, potentially exposing organizations to undetected threats.

The Mobula Keep-Alive service diligently monitors the functionality of SIEM connectors, ensuring their continuous operation. By constantly tracking the reporting status of connectors, it identifies any instances where a connector fails to transmit data to the SIEM platform. This could be due to technical issues, network interruptions, misconfigurations, or other factors that may impede the normal functioning of the connectors.

Additionally, Mobula Keep-Alive extends its monitoring capabilities to critical processes within the Mobula Platform itself. This includes the core components responsible for data ingestion, processing, correlation, and alert generation. By continuously checking the health and functionality of these processes, it ensures that the Mobula Platform is operating optimally and capable of delivering accurate and timely insights.

When Mobula Keep-Alive detects a connector or process that is not reporting or functioning as expected, it immediately generates real-time alerts. These alerts can be configured to notify security teams, administrators, or designated personnel, allowing them to promptly investigate and address the underlying issue. By providing proactive notifications, Mobula Keep-Alive enables organizations to minimize potential downtime, identify and resolve issues swiftly, and maintain the effectiveness of their security monitoring infrastructure.

Key Features of Mobula Keep-Alive:

– Real-time monitoring of SIEM connectors and critical processes within the Mobula Platform.

– Continuous assessment of connector reporting status to detect failures or disruptions.

– Alert generation and notification when connectors or processes are not functioning as expected.

– Customizable alert configurations to suit organizational requirements.

– Enables prompt investigation and resolution of connector or process issues to maintain uninterrupted security monitoring.

With Mobula Keep-Alive, organizations can rest assured that their SIEM connectors and Mobula Platform are operating reliably and continuously. By proactively identifying and addressing potential issues, this service enhances the overall security posture and strengthens incident response capabilities.
