Elysium Investigator



  • Collect events and signals from sources
  • Analyze the events and create signals (Using AI/ML internal algorithms)
  • Combining atomic signals into Incidents (Using Graph Model)
  • Mapping the incidents to the MITRE framework
  • Scoring and Ranking the findings based on Risk Assessment (Graph ML/Anomaly Detection)


  • Process all 3rd party alerts/findings/alarms
  • Continuous analysis and profiling of telemetry with risk-based scoring
  • Create findings for all rule-based and behavior-based detections using ML
  • Aggregate all findings (internal + 3rd party), enrich with full context, correlate, and create Incidents
  • Prioritize the incidents with full 360 details (signals, enrichment, context)


  • The transformation from Events => Signals => Alerts/Findings => Incidents
  • Incidents are prioritized
  • 360 view of the incidents with full context
  • Cut down MTTR by 80%

There is a chronic problem in enterprises when it comes to handling the incoming alerts emitted by corporate devices. These interconnected devices support business processes for operations and security use cases that require vigilant monitoring to ensure corporate SLAs are met. The problem is amplified by the move to cloud infrastructure (i.e. digital transformation), where companies can spin up new services and devices with the click of a button, producing an ocean of alerts and event data at a new scale. Though many solution providers claim to be the “single pane of glass” for monitoring operational and security issues, this typically translates to 20 “panes of glass.” At Elysium Analytics, we understand that a solution requires a centralized approach that leverages a modern cloud platform like Snowflake, where all data lives in one data store. The catch is that once an enterprise achieves visibility of its data and alerts, analysts are overwhelmed by the alerts emitted from the various devices. Therefore, Elysium implemented a new data pipeline for all incoming signals from 3rd party apps and provides the following functions on the incoming streams of alerts:


  • Combining weak signals from multiple components, users and entities (e.g. EC2 instances, users, S3 buckets) into stronger signals of malicious intent
  • Sharing externally acquired threat intelligence for better detection and enrichment
  • Providing centralized configurations with weighted guidance to help prioritize activities
  • Converting a large stream of alerts into a condensed number of incidents that can be investigated efficiently
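The pipeline described above combines atomic signals into incidents over a graph model and then scores and ranks them. The following is an added illustration written for this page, not Elysium's own code: alerts that name a shared entity (a user, an EC2 instance, an S3 bucket) are linked, each connected component of that alert/entity graph becomes one incident, and the incident is scored by the severity of its members plus a bonus when independent sources and several MITRE tactics corroborate it. The alert records, the entity naming scheme (`user:`, `ec2:`, `s3:`) and the scoring weights are constructed assumptions for the example.

```python
"""Added example: grouping atomic alerts into incidents with an entity graph.

Alerts sharing an entity are joined; each connected component is one incident.
Incidents are scored by summed severity, with a bonus for corroboration by
independent sources and by coverage of several MITRE tactics.  All alert data
below is constructed for the example (not real findings).
"""
from collections import defaultdict

# Constructed sample alerts. 'source' is the emitting detector, 'tactic' the
# MITRE tactic the finding was mapped to, 'severity' a 1..5 scale (assumed).
SAMPLE_ALERTS = [
    {"id": "a1", "source": "guardduty", "severity": 5, "tactic": "Initial Access",
     "entities": ["user:alice", "ec2:i-0a1b"]},
    {"id": "a2", "source": "ml-ueba", "severity": 3, "tactic": "Credential Access",
     "entities": ["user:alice"]},
    {"id": "a3", "source": "guardduty", "severity": 4, "tactic": "Exfiltration",
     "entities": ["ec2:i-0a1b", "s3:finance-backups"]},
    {"id": "a4", "source": "rule", "severity": 2, "tactic": "Discovery",
     "entities": ["user:bob"]},
    {"id": "a5", "source": "rule", "severity": 1, "tactic": "Discovery",
     "entities": ["ec2:i-9z9z"]},
]


def find_incidents(alerts):
    """Return connected components of the alert/entity graph as sorted id lists.

    Two alerts are adjacent when they mention at least one common entity.
    Union-find keeps this linear in the number of (alert, entity) pairs.
    """
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    first_seen = {}  # entity -> first alert id that mentioned it
    for alert in alerts:
        for entity in alert["entities"]:
            if entity in first_seen:
                union(first_seen[entity], alert["id"])
            else:
                first_seen[entity] = alert["id"]

    groups = defaultdict(list)
    for alert in alerts:
        groups[find(alert["id"])].append(alert["id"])
    return [sorted(ids) for ids in groups.values()]


def score_incident(members):
    """Assumed scoring: summed severity, +2 per extra independent source,
    +1 per extra MITRE tactic (multi-stage activity ranks higher)."""
    sources = {a["source"] for a in members}
    tactics = {a["tactic"] for a in members}
    severity_sum = sum(a["severity"] for a in members)
    return severity_sum + 2 * (len(sources) - 1) + (len(tactics) - 1)


def rank_incidents(alerts):
    """Build incidents with their 360 context and return them highest score first."""
    by_id = {a["id"]: a for a in alerts}
    incidents = []
    for ids in find_incidents(alerts):
        members = [by_id[i] for i in ids]
        incidents.append({
            "alert_ids": ids,
            "entities": sorted(set().union(*(a["entities"] for a in members))),
            "sources": sorted({a["source"] for a in members}),
            "tactics": sorted({a["tactic"] for a in members}),
            "score": score_incident(members),
        })
    incidents.sort(key=lambda inc: (-inc["score"], inc["alert_ids"]))
    return incidents


if __name__ == "__main__":
    for rank, inc in enumerate(rank_incidents(SAMPLE_ALERTS), start=1):
        print(f"#{rank} score={inc['score']} alerts={inc['alert_ids']} "
              f"entities={inc['entities']} tactics={inc['tactics']}")
```

With the constructed input, the five alerts collapse into three incidents; the top one chains a GuardDuty finding, an ML-based user-behavior finding and an exfiltration finding through the shared user and EC2 instance, which is the kind of roll-up the text describes. In a production pipeline the same grouping step would be applied over a time window, and entity identifiers would be normalized (account id, region, ARN) before linking so that the same asset seen by different detectors joins the same component.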


Elysium Analytics solves these issues for security teams that require visibility of all their log data, metrics and traces, and that require longer data retention. We load data from AWS, cloud apps and on-premises sources into Snowflake. By leveraging the Snowflake platform, with its elastic compute scale-up and scale-out capabilities and unlimited cloud storage, there is no operational overhead from adding nodes, migrating indexes, or re-adjusting shards. Additionally, you have full access to all the compute and storage you require on a pay-as-you-go basis. Elysium Analytics not only offers a rich set of out-of-the-box alerting rules and pre-built dashboards for post-hoc investigation, but also includes Auto-Investigation of incoming alerts, which consolidates alerts that show similar past behaviors of users and entities and adds graphical visualization for quicker orientation on the issues, reducing MTTR. For example, Auto-Investigation rolls up incoming GuardDuty and Elysium Analytics ML-based findings into incidents that focus analysts on the correct targets. Furthermore, the ability to drill down on user and entity activities and “follow the breadcrumbs” helps the security team find the root cause of a problem for quick remediation.