Processing elements
Axoflow processes the data transported in your security data pipeline in the following stages:
- Sources: Data enters the pipeline from a data source. A data source can be an external appliance or application, or a log collector agent managed by Axoflow.
  - Sources are hosts that are sending data to a data aggregator, like AxoRouter.
  - Edges are source hosts that are running a collector agent managed by AxoConsole, or have an Axolet agent reporting metrics from the host.
    For edge hosts, you can create:
    - collection rules that collect local data (for example, from log files, or Windows Event Log channels), and
    - data forwarding rules to transport the collected data to a router.
- Custom metadata on the source: You can configure Axoflow to automatically add custom metadata to the data received from a source.
- Router: The AxoRouter data aggregator processes the data it receives from the sources:
  - Connector: AxoRouter hosts receive data using source connectors. The different connectors are responsible for different protocols (like Syslog or OpenTelemetry). Some metadata labels are added to the data based on the connector that received it.
  - Metadata: AxoRouter classifies and identifies the incoming messages and adds metadata, for example, the vendor and product of the identified source.
  - Data extraction: AxoRouter extracts the relevant information from the content of the messages, and makes it available as structured data.

  The router can perform other processing steps, as configured in the flows that apply to the specific router (see next step).
- Flow: You can configure flows in the AxoConsole that Axoflow uses to configure the AxoRouter instances to filter, route, and process the security data. Flows also allow you to automatically remove unneeded or redundant information from the messages, reducing data volume and SIEM and storage costs.
- Destination: The router sends data to the specified destination in a format optimized for the specific destination.