When configured to operate as a centralized integration point for external sources that do not support Myrmex installation, the agent is called the Security Collector. The Collector receives logs and events from external devices and systems using Syslog or APIs. Devices that connect via API, known as crawlers, are integrated into Myrmex in the same way, ensuring continuous security visibility and analysis.
The Myrmex Collector supports two main ways to collect logs:
Syslog Based: The Collector receives logs from devices and systems that send security information via the Syslog protocol, making it an ideal solution for network equipment such as switches, firewalls, and other devices that natively support this protocol.
Authentication (Crawler) Based: The Collector also integrates with devices and systems that do not support Syslog, such as cloud solutions or SaaS tools, using APIs configured with credentials to collect security data. These devices are known as crawlers and are essential for modern, distributed environments.
After collection, the Myrmex Collector normalizes and standardizes the received logs, converting data from different sources into a unified format suitable for detailed analysis by the Myrmex Security Platform.
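An added illustration of this normalization step (not Myrmex code; the unified field names and the JSON event shape are assumptions made for this example): one RFC 3164 syslog line and one API event are mapped onto the same record layout, and malformed input is rejected rather than passed through.

```python
import json
import re
from datetime import datetime, timezone

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

# Constructed sample inputs (not real logs); the API field names are hypothetical.
SAMPLE_SYSLOG = "<38>Mar 14 10:15:02 fw01 sshd[2211]: Failed password for admin from 192.0.2.10"
SAMPLE_API = ('{"eventTime": "2024-03-14T10:15:05Z", "service": "cloud-iam", '
              '"operation": "ConsoleLogin", "level": "WARNING", '
              '"detail": "Login failed for user admin"}')

def normalize_syslog(line, year):
    """Parse one RFC 3164 line; return None for malformed input instead of raising."""
    m = SYSLOG_RE.match(line.strip())
    if not m or int(m["pri"]) > 191:  # PRI = facility * 8 + severity, max 23 * 8 + 7
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    # RFC 3164 timestamps carry no year or zone: the caller supplies the year, UTC is assumed.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    ts = ts.replace(tzinfo=timezone.utc)
    return {"time": ts.isoformat(), "source": "syslog", "host": m["host"],
            "app": m["tag"], "severity": SEVERITIES[severity],
            "facility": facility, "message": m["msg"]}

def normalize_api_event(raw):
    """Map a JSON event collected over an API onto the same record layout."""
    try:
        ev = json.loads(raw)
        ts = datetime.fromisoformat(ev["eventTime"].replace("Z", "+00:00"))
        return {"time": ts.astimezone(timezone.utc).isoformat(), "source": "api",
                "host": ev.get("service", "unknown"),
                "app": ev.get("operation", "unknown"),
                "severity": ev.get("level", "informational").lower(),
                "facility": None, "message": ev.get("detail", "")}
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

if __name__ == "__main__":
    print(normalize_syslog(SAMPLE_SYSLOG, 2024))
    print(normalize_api_event(SAMPLE_API))
```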
The Myrmex Collector offers a wide range of integrations, allowing security data collection from various external sources. Below are some of the main available integrations:
Network Devices:
Firewalls
Switches
Routers
Cloud Platforms:
Microsoft Office 365
Amazon Web Services (AWS)
Google Cloud Platform (GCP)
Security and SaaS Solutions:
Third-party Antivirus and EDRs
Network Monitoring Platforms
Cloud Backup Solutions
Other Integrations via API:
Identity Management Systems
Communication and Collaboration Platforms (Teams, etc.)
Integration with Crawlers (API Devices): The Collector allows API devices (crawlers), such as cloud solutions and SaaS tools, to be easily connected and integrated into Myrmex, ensuring security events can be effectively monitored and analyzed.
Continuous Data Collection: Continuous collection of security logs and events, such as network traffic, access attempts, and changes to critical configurations, ensures full real-time visibility into the environment’s security status.
Log Normalization and Standardization: Converts raw, heterogeneous data into a unified, structured format, allowing for more efficient and consistent analysis of all collected events.
Event Pre-Analysis: Before sending data to the Myrmex platform, the Collector applies correlation and intelligent filters to identify critical events, such as anomalous behavior or suspicious access attempts, optimizing incident response time.
Secure Transmission: All collected data is sent to the Myrmex Security Platform over encrypted channels, protecting its integrity and confidentiality in transit.