Product Information on Open XDR Platform
About Company
Company Description
Stellar Cyber is a Silicon Valley-based organization specializing in providing a comprehensive and integrated Open XDR platform dedicated to simplifying security processes. The platform's prime focus is to aid lean security teams of varying skills in fortifying their environment securely. By utilizing Stellar Cyber's platform, organizations can minimize risk through early and accurate detection and remediation of threats. Moreover, the platform allows for reduction in costs and enhancement of analyst productivity, featuring significant improvements in mean time to detect (MTTD) and mean time to recover (MTTR).
Open XDR Platform Likes & Dislikes
What stands out most about Stellar Cyber is how well it brings together data from different security tools into a single, easy-to-use interface. Instead of juggling multiple dashboards, alerts, and log sources, everything is consolidated in a way that makes sense for day-to-day security operations. I especially appreciate how quickly the platform turns raw data into something analysts can act on. The event correlation and guided investigation views make it much easier to understand the context behind alerts without having to reverse-engineer the story yourself. This saves a lot of time during triage and reduces the back-and-forth normally required in a SOC. Another aspect I like is the balance between automation and analyst control. Automated detection helps surface issues early, but the platform still gives you the freedom to dig deeper and validate findings instead of forcing a black-box approach. It feels like a tool designed to support analysts rather than replace them. Overall, the best part of Stellar Cyber is how much it simplifies the workflow. It reduces noise, connects the dots between different systems, and makes investigations feel more structured and efficient.
The graphs and ability to create your own dashboards are great. Case correlation, when working as expected, is perfect for reviewing related alerts. Visual representations of telemetry help zoom in on the most important data, and help ignore the noise.
1. Well-Structured Ticketing and Customer Feedback Process: Stellar Cyber has a highly responsive and well-organized ticketing system. When issues or feature requests are submitted, the feedback loop is clear and proactive. Even functionalities that are not currently available can be formally requested, and in many cases, they are reviewed and incorporated into future updates. This demonstrates a strong commitment to customer collaboration and continuous product improvement.
2. Exceptional Log Parsing and Normalization Capabilities: Stellar Cyber offers powerful log parsing and normalization capabilities, making it highly effective for consolidating logs from diverse sources. Whether integrating network, endpoint, cloud, or third-party security tools, the platform ensures consistent data structure and high-quality visibility. This significantly reduces integration complexity and enhances overall threat detection accuracy.
3. Intuitive and User-Friendly Interface: The platform features a clean, intuitive UI that allows analysts to quickly navigate, investigate, and respond to threats. Even complex security data is presented in a clear and actionable manner, which reduces the learning curve and improves operational efficiency for both experienced and junior security teams.
The main drawback I've noticed with Stellar Cyber is that some parts of the platform still feel a bit complex during the initial setup phase. While the interface is generally user-friendly, getting all data sources integrated and tuned can take longer than expected, especially in environments with many legacy systems or unique log formats. Another point of frustration is that certain advanced features require more configuration than the platform initially suggests. For example, automated workflows and some specialized detections work well once fine-tuned but getting them calibrated for a specific environment may demand deeper technical knowledge or additional time from the SOC team. Lastly, although the platform provides a lot of visibility, the volume of information can occasionally feel overwhelming until the filters and noise-reduction settings are fully optimized. It's not a deal-breaker, but it does mean the platform may require a little more time investment upfront to get the most value out of it.
The user interface is extremely unfriendly to work with. For example, in the threat hunting view, the way to choose the date and time contains a slider for hours and minutes, which is a poor choice of time selection. Then there are a number of little UI nuances, like if you auto-size all the columns in a table (threat hunting, alerts, and cases) then switch to the next page, it will reset your column sizes. The correlation engine doesn't always create a reliable case in terms of related telemetry. You might get a case for a Windows event log that contains a process creation for an abnormal parent/child process but then in the same case a DNS query to a website that hasn't been visited in over 300 days, which are both completely unrelated. There are many limitations on how to search for telemetry in the system. For example, if you're trying to search for the network traffic surrounding a process, you will have to be mindful of what indices you're looking at. If you select more than one index while reviewing logs, i.e. traffic, Windows logs, firewall logs, etc., you will be limited to the last 24 hours. This is also the same when trying to compare the traffic that is being created by certain processes. What this means is that anything that requires multiple indices to investigate past 24 hours is going to take you significantly longer to correlate it together. When it comes to abnormal parent and child processes, there is no way for the Stellar system to track the storyline of process lineage. Your alert might have an abnormal parent of notepad.exe spawning a child process notepad.exe and the only way to find out the true parent is by searching potentially hundreds of logs manually just to find out that werfault.exe was the true parent that triggered the alert.
1. Occasional Minor Console Issues: While the ticketing system is highly responsive and feedback is handled quickly, there are occasional minor console issues that appear after new version releases. These are typically small and addressed once identified, but in some cases, they may not be resolved until users report them. Continued refinement of pre-release testing could further enhance overall stability.
2. High Resource Requirements: Because the platform collects and processes a significant volume of data by design, it naturally requires substantial system resources. In some environments, this can occasionally lead to service performance issues if resources are not sufficiently allocated. Providing more detailed and conservative resource sizing guidance during initial deployment would help customers plan infrastructure more effectively and prevent such challenges.
3. Opportunities to Expand the Knowledge Base: Stellar Cyber already offers a strong Knowledge Base with valuable documentation. However, during real-world usage, users may sometimes encounter practical questions that are not yet covered. Expanding the Knowledge Base to include more scenario-based guidance and common operational questions could further improve the overall user experience and self-service capability.
Open XDR Platform Reviews and Ratings
- Engineering Manager, 1B-10B USD, IT Services
Unified Visibility Enhances Monitoring While Dashboard Depth Could Be Expanded
My experience with the Stellar Cyber Open XDR platform has been largely positive, especially in terms of visibility and operational efficiency. One of the strongest aspects is how quickly it centralizes data from different security tools without requiring heavy customization. The platform’s ability to normalize logs and correlate events across diverse sources feels polished, and it noticeably reduces the time spent jumping between dashboards. The interface strikes a practical balance between simplicity and depth. Analysts can pivot from high-level incident overviews to granular data with just a few clicks, which makes investigations feel more fluid. The built‑in detections and machine‑learning‑driven insights aren’t overly noisy, and tuning them is straightforward compared to many SIEM or SOAR tools. Performance-wise, the platform handles large data volumes well, and the timeline views speed up triage. The automated response capabilities are helpful, though they still benefit from occasional fine‑tuning depending on the environment and integrations in use. Integrating third‑party tools is generally smooth, but some connectors require extra setup depending on how customized the environment is. Overall, Stellar Cyber delivers a strong “single pane of glass” experience for security operations teams. It’s particularly useful if you're trying to consolidate tools, improve detection visibility, or streamline investigations without going through a massive SIEM overhaul. The platform feels mature, analyst‑friendly, and thoughtfully designed for real-world SOC workflows.
- IT Security & Risk Management Associate, <50M USD, IT Services
A Powerful Open XDR Platform That Delivers Maximum Value When Strategically Deployed and Tuned.
Stellar Cyber truly stands out in the security market. Unlike many fragmented security solutions, Stellar Cyber delivers a unified Open XDR platform that integrates seamlessly across network, endpoint, cloud, and identity environments. Its strength lies in reducing tool sprawl while providing deep, correlated visibility through a single intuitive interface. What differentiates Stellar Cyber is its ability to combine automation, AI-driven detection, and cost efficiency without sacrificing depth or flexibility. It empowers security teams to detect threats earlier, respond faster, and operate more efficiently -- all without the complexity typically associated with enterprise-grade security platforms.
- IT Associate, <50M USD, IT Services
Comprehensive XDR & NDR Platform with Strong Correlation and Behavioral Detection
We have been using Stellar Cyber Open XDR in our SOC operations to monitor network, endpoint and authentication-related threats across multiple environments. Overall, the platform has improved our visibility and correlation capabilities by centralizing logs from different sources into a single investigation console. The anomaly-based detection and correlation engine helps us identify suspicious behaviour such as brute force attempts, impossible travel, lateral movement and unusual traffic spikes. While the platform is powerful, some tuning is required during initial deployment to reduce false positives and optimize detection accuracy. Once properly configured, it becomes a valuable tool for daily monitoring, incident triage and threat investigation.
- IT Security & Risk Management Associate, 50M-1B USD, IT Services
Alert Correlation Streamlines Incident Response While Telemetry Queries Cause Major Delays
At our SOC, our overall experience with Stellar Cyber OpenXDR has been great, but not without a lot of work on our end to make it successful. The support team at Stellar Cyber has been very responsive and willing to assist whenever our SOC runs into issues with the platform. Stellar Cyber goes above and beyond by working with us on a weekly cadence in order to address the issues we run into and provide guidance from their expert-level support team.
- IT Associate, <50M USD, IT Services
Reliable XDR Platform with Strong Detection, Clear Visibility, and Responsive Support.
My overall experience with Stellar Cyber has been very positive, although the initial deployment requires time and patience. The part that needs the most attention is the Data Processor installation. In on-prem VMware setups, every step has to be followed exactly, and even a small mistake can force you to repeat parts of the process. Virtual sensors, on the other hand, are simple to deploy and start working quickly. Once the full environment is installed and properly tuned, the platform becomes stable and reliable. I often run ethical attack simulations using VAPT tools to see how detections behave in real situations, and the results have consistently been strong. Our SOC team is involved in validating detections and observing new behaviors. When we find missing integrations or limits, the engineering team at Stellar Cyber reacts fast and helps us with customized solutions whenever needed.



