Cyphon – Incident Management and Response Platform

Cyphon is an incident-response platform that receives, processes, and triages events to create a more efficient analytic workflow — aggregating data, bundling and prioritizing alerts, and empowering analysts to investigate and document incidents.

Many organizations manage post-processed security events as email notifications, which is incredibly inefficient. An inbox flooded with alert notifications creates an environment where critical issues are overlooked and rarely investigated.

Cyphon – Collect, Alert and Respond

The framework eliminates this issue by throttling events and prioritizing them based on user-defined rules. Analysts can quickly investigate incidents by correlating other data sets against indicators that matter. They can then annotate alerts with the results of their analysis.

Cyphon supports integrations with Bro, Snort, Nessus, and other popular security products.

Social media monitoring: leveraging publicly available APIs, Cyphon can collect data from streaming sources. Search is based on keywords, geofencing, and ad hoc parameters.

Some of the features included are:

  • Aggregate data from numerous sources: email, log messages, APIs, social media and more
  • Single pane of glass view instead of multiple dashboards
  • Generate custom alerts with push notifications
  • View incidents by criticality level
  • Investigate alerts and track work performed

You can read more and download this tool over here:
