Click RtSA Platform

A typical platform starter solution will require at least one Data Mining Unit (DMU) and one Module Processing Unit (MPU).

The DMU. The eyes and ears.

The Data Mining Unit (DMU) sits in a network’s Layer 3 domain, where log, flow and event telemetry streams can be gathered for intelligent processing.  DMUs run Miner Modules - which collect raw data feeds from firewalls, IPS's, web proxy servers, etc. and pass those feeds to the MPU.  

DMUs performs the following functions:

  • Runs Miners, which gather telemetry data from the network environment
  • Archives Miner data in native form as well as forwarding raw streams to the MPU.
  • Performs some pre-processing of data for secondary use prior to forwarding to the MPU

Deployments typically include several DMUs, which interface with the other devices within your network to collect the basic inputs needed by the Click Modules.

The MPU. The brain.

The Module Processing Unit (MPU) is where all Interpreter Modules, Analyzer Modules, Applications and Workbooks reside.  It is also the user administration interface point, and the pathway for module insertion from Click's module library. The MPU performs a host of key functions:

  • System administration
  • Provides I/O and run time for all Click Analytic Modules
  • Supports the Dynamic Workbook and other analyst features – where all investigation and collaboration activity is performed

As referenced in the Technology section of the site, the platform itself contains:

  • Interpreter Modules
  • Base Analyzer Module Packs
  • LT Data Store
  • Ability to create your own Workbooks and Modules

Example Base Analyzer Packs – including a representative set of modules within each are shown below:

Entity Core

  • Flow
  • Authentication
  • Access
  • Security Event

Base Visualization Pack

  • Generic Portlet
  • Parallel Coordinates
  • Charting
  • Tables
  • Filtering
  • Transformation

Base Augmentation Pack

  • Geo
  • Whois
  • DNS
  • LDAP

Base Action Pack

  • Email
  • Alert
  • SSH
  • Remote Powershell

The number and type of packs, as well as the modules within each pack, will expand over time.

Following is a high-level deployment diagram that shows a range of example telemetry sources feeding into DMUs, which subsequently forward data feeds into an MPU for all analytics processing, module retrieval from the Click Library, and analyst interaction.