Project Description
Proactive Investigator is a solution created for information security threat detection. It is an end-to-end solution, currently built on SQL Server 2008.

Proactive Investigator software contains multiple components grouped under:
  • Collector - Windows Services to collect events from infrastructure sources like Windows Security, DNS Servers, and File Shares; a StreamInsight engine to process security events and provide real-time monitoring.
  • Analytics - ETL, Data Warehouse, and Multidimensional models to load events, store events, apply threat detection models, and load them into reporting/workflow structures for later review.
  • Investigator - UI tools to perform fast parallel queries, visualization for threat detection models, and case management tools.
Watch a conversation with Q&A on Proactive Investigator

Listen to lead developer Grant Babb discuss the history behind Proactive Investigator software

Beta Release
Note: this solution is used in production in a large corporate environment today. It is considered beta because it is being released to the community. When implementation issues have stabilized, we'll mark a production version release.

Last edited Oct 10, 2012 at 1:07 AM by grant_babb, version 14