Technical Information


Technology Follows Real Life

CyberQuest was designed to closely reflect your real-life business. By constantly challenging cross-platform and multi-technology metadata aggregation and correlation, we managed to understand the equation of information overload that our customers are facing and to solve it.


Parse, Enrich & Transform



Detect, Investigate, Report & Alert

Data, Case & Incident Management



CyberQuest collects and correlates data from the entire infrastructure, from existing SIEM systems, business applications and other security tools, such as vulnerability management solutions, IDS / IPS, Data Loss Prevention tools, Firewalls.

  • Agents / agentless data collection
  • Unify all security and relevant data sources to quickly correlate / investigate any incident
    • Business & security applications
    • SIEMs
    • Databases
    • Cloud
  • Real-time / schedule-based connectivity to classical SIEM systems for data feeds

Parse, Enrich & Transform

CyberQuest intelligently enriches, transforms, manages, correlates and integrates data and adds business intelligence to security data, from Active Directory, business applications or IAM solutions.

  • Enrich events at runtime
  • Correlate events with built-in business centric information (AD, IAM, HR Databases, other relevant data-sources)
  • Greater flexibility by using programmatic based event log parsing / transformation / duplication and decision
  • Generate events based on custom criteria at log parsing runtime
  • Allow if-then-else statements on how to treat events, incidents and security data


CyberQuest brings order into chaos by ensuring multiple data-source and platform correlation, regardless of the technology used.

  • Get new insight from multiple custom correlation rules
  • Correlate Network / security with application data / Active Directory / IAM
  • Offline or online data correlation


CyberQuest offers one single point of access to security data and makes it available for fraud detection, cybersecurity, internal security or compliance: all in one place, for enhanced decision-making capabilities.

  • Quick access to event data: 5 seconds access across billions of events
  • Unique drill up / drill down investigative process
  • Visual interactive investigations
  • Integrate physical security data – access cards, video
  • Turbocharge existing data with configurable anomaly detection patters in network / applications

Detect, Investigate, Report & Alert


CyberQuest uses the latest generation No-SQL database, being able to find related data based on specific criteria in terms of seconds, instead of hours in the case of traditional database technologies.


The investigation module presents the audited data using a graphical interface, enabling security investigators to access the correlated view of security information through a single dashboard. Audit trees are context sensitive and contain correlated data based on predefined user criteria.


CyberQuest’s set of predefined, scheduled reports ensure compliance based on internationally recognized standards and frameworks ISO 27001, COBIT, FISMA, HIPPA, PCI/DSS, SOX.


CyberQuest contains an innovative alerting system with user-defined alerts, addressing the most specific security requirements, ensuring great accuracy and minimum false alerts, in order to enable immediate measures.

Data, Case & Incident Management


  • Ensure non-repudiation
  • Archive, encrypt, compress, digitally sign, leverage existing storage space
  • Easy scale, both horizontally and vertically
  • Distribute event log data on multiple machines


  • Manage and collaborate on incidents and investigation cases
  • Access on a ‘need-to-know’ basis


With CyberQuest’s powerful dashboards, you can make rapid, informed decisions and react to alerts, incidents and anomalies in real-time.

Data is quickly sliced and thoroughly organized into multiple categories of information, to offer real-time, context-sensitive overviews. This context can be very simple, from data filtered on just a plain user, machine, IP address or any combination of these, to very complex, based on logical expressions.

Use cases

Cyber Security

Compromised Users Detection

Pinpointing all suspicious users accounts, based on its sophisticated Anomaly Analyzer self-learning mechanism, without the use of predefined rules or heuristics.

Connections Details

Connections can be genuine or bogus. Suspicious behavior may include connection attempts on closed ports, blocked internal connections, a connection made to bad destinations etc., using data from firewalls, network devices or flow data. External sources can be further enriched to discover the domain name, country and geographical details.

Abnormal Administrative Behavior

Monitoring inactive accounts, accounts with unchanged passwords, abnormal account management activities etc., using data from AD account management related activities.

Intrusion Detection and Infections

This can be done by using data from IDS/IPS, antivirus, anti-malware applications, firewall logs, NIPS alerts and Web proxy logs, as well as internal connectivity logs, network flows, etc.


Statistical Analysis

Statistical analysis can be done to study the nature of data. Functions like average, median, quartile etc. can be used for this purpose. Numerical data from all kind of sources can be used to monitor relations like the ratio of inbound to outbound bandwidth usage, data usage per application, response time comparison etc.

System Change Activities

Using collected data for quickly identifying the changes in configurations, audit configuration changes, policy changes, policy violations and the like.


Malicious Insider Identification

Edward Snowden is the most famous example of a legitimate contractor who accessed, collected and made use of highly sensitive data from the NSA, the company he was serving. This proves that no organization is immune to inside threats of this kind.

CyberQuest is able to identify users and contractors having a high-risk activity or access sensitive data, by investigating their behavior history log by log, second after second.

Information Theft

Data exfiltration attempts, information leakage through emails etc., using data from mail servers, file sharing applications etc.

Malicious Intruders Identification

There is a person within the company’s structure who was monitored, investigated and recognized for security information leak/stealing. The company’s security team would like to be alerted as soon as he sets foot in the building.

The native integration with physical security module NEC NeoFace® allows CyberQuest to alert security admins immediately when a blacklisted/whitelisted person passes in front of a registered camera within the CCTV network. The application automatically sends an email/message alert in real time.

IT Security

Authentication Activities

Abnormal authentication attempts, off-hour authentication attempts etc., using data from Windows, UNIX and any other business application that requires authentication.

Sensitive Data Access Investigation

The access of enterprise users to databases, file share systems and applications may have hidden, high-risk patterns. While some actions may be considered more suspicious than others, access becomes riskier when it’s in the hands of certain high-risk users.

CyberQuest uses its dedicated set of innovative modules to analyze users’ access to databases, file share systems, and applications, and to automatically pinpoint suspicious access activities.

Shared Accounts

Multiple sources (internal/external) making session requests for a particular user account during a given time frame, using login data from sources like Windows, Unix etc.

Security Events Verification

Information Security needs second prioritization of events for monitoring, by enriching SIEM/FW/IDS/DLP systems with big data machine learning-based analytics on users. SIEM systems manage rule-based events that are correlated and prioritized in real-time. CyberQuest ensures a better prioritization of events, based on non-rule-based big data and historical data analysis.

CyberQuest collects events and data from:

Networks (switches, routers, wireless devices, firewall, proxy servers, intrusion detection / prevention systems, NetFlow)

  • CISCO – ASA ,routers, switches, ISE
  • F5
  • SonicWall
  • Fortinet
  • Paloalto
  • Checkpoint
  • Imperva

Databases (operational logs, security logs, custom data)

  • SQL Server
  • MySQL
  • Oracle Database
  • PostgreSQL

Operating systems (security, system, application, setup, printing, sharing, Active Directory logs)

  • Windows
  • Linux
  • UNIX

Business applications

  • E-mailing – Microsoft Exchange, dovecot
  • Web servers – Microsoft IIS, Apache, Nginx
  • CRM, ERP

Security Applications

  • IAM
  • Antivirus – McAfee, Symantec, Eset
  • Video analytics modules – Nec Neoface
  • Custom security applications
  • Data Loss Prevention
  • Vulnerability management solutions – Rapid7 Nessus


  • Splunk
  • AlienVault
  • IBM QRadar
  • ArcSight
  • LogRhythm
  • InTrust
  • other

Other applications

  • Hypervisors
  • Firewall / UTM  – Sophos, Microsoft ISA, TMG
  • IPS / IDS
  • UPS
Cyberquest Logo

Thank you for your interest in our software.

We have two versions of our platform which you can download immediately.
Please select the version you would like to download and continue.

Please note downloads are complete virtual machines of approximately 4GB

Cyberquest Logo
Cyberquest Logo

Microsoft Hyper-V Download

Please fill out the form below and download Cyberquest Free Edition for VMware.

Cyberquest Logo

VMware Download

Please fill out the form below and download Cyberquest Free Edition for VMware.

Cyberquest Logo

Thank you

We have just sent you an email with your credential and installation details.
Should you not receive the email or require further assistance
Please contact us here on chat or email us at