motion2insights


Architecture

CENTRAL CORE WITH MODULAR AND SCALABLE INTERFACES

OSCAR © uses Elasticsearch as its SIEM and data store. This big data platform scales almost linearly, in contrast to other SIEM systems. Because it is developed as open source, Elasticsearch has several clear advantages over competing products: its scalability, the architectural freedom to use the data store for processing purposes other than the SIEM (e.g. tighter integration of databases), full-text search over the content, and, not least, its price. The choice of Elastic was also based on two years of continuously following its roadmaps and roadshows, during which we saw that Elastic planned and delivered new goals for new releases far more consistently than any other manufacturer.


OSCAR © ingests a variety of log sources produced by the data-generating sensors. These network, host and application streams flow into our persistent queue for hot-path real-time processing, where they are normalized, enriched and pre-processed for their purpose. After pre-processing, the data resides in the SIEM for further processing, where alerts are generated and queries are served via the GUI.
In OSCAR's © cold-path batch processing, targeted streams of this pre-processed data flow through a machine learning pipeline into the machine learning training database. This database is used for machine learning training, can trigger actions, and can also be queried from the SIEM or the data store.

The architecture of OSCAR © is multi-tenant and scales massively.

For customers who operate infrastructures that must run separately from the central SOC infrastructure for a specific purpose in the short or medium term, we provide local SOCs in the form of intelligent local anomaly detectors. These do their work locally and protect the infrastructure as if it were connected to the central SOC. The data is stored locally. As soon as the local SOC is reconnected to the central SOC infrastructure, the data is synchronized.

The local SOC performs a special authentication before separating from the central SOC. Key distribution takes place before decoupling, which ensures the integrity of the software.

Results are output directly as dashboards (see gallery), alerts, email, SMS or tickets, or they are written to the data store. If a SOAR environment is installed, the data is pushed into the SOAR environment and processed there before automated actions intervene or outputs such as those mentioned are produced.