Overall experience with Open XDR Platform
“Unified Visibility Enhances Monitoring While Dashboard Depth Could Be Expanded”
“Steep Learning Curve and UI Challenges Impact StellarCyber Open XDR Experience”
About Company
Company Description
Stellar Cyber is a Silicon Valley-based organization specializing in providing a comprehensive and integrated Open XDR platform dedicated to simplifying security processes. The platform's prime focus is to aid lean security teams of varying skills in fortifying their environment securely. By utilizing Stellar Cyber's platform, organizations can minimize risk through early and accurate detection and remediation of threats. Moreover, the platform allows for reduction in costs and enhancement of analyst productivity, featuring significant improvements in mean time to detect (MTTD) and mean time to recover (MTTR).
Open XDR Platform Likes & Dislikes
What stands out most about Stellar Cyber is how well it brings together data from different security tools into a single, easy-to-use interface. Instead of juggling multiple dashboards, alerts, and log sources, everything is consolidated in a way that makes sense for day-to-day security operations. I especially appreciate how quickly the platform turns raw data into something analysts can act on. The event correlation and guided investigation views make it much easier to understand the context behind alerts without having to reverse-engineer the story yourself. This saves a lot of time during triage and reduces the back-and-forth normally required in a SOC. Another aspect I like is the balance between automation and analyst control. Automated detection helps surface issues early, but the platform still gives you the freedom to dig deeper and validate findings instead of forcing a black-box approach. It feels like a tool designed to support analysts rather than replace them. Overall, the best part of Stellar Cyber is how much it simplifies the workflow. It reduces noise, connects the dots between different systems, and makes investigations feel more structured and efficient.
The user interface is extremely unfriendly to work with. For example, in the threat hunting view, the way to choose the date and time contains a slider for hours and minutes, which is a poor choice of time selection. Then there are a number of little UI nuances: if you auto-size all the columns in a table (threat hunting, alerts, and cases) and then switch to the next page, it will reset your column sizes. The correlation engine doesn't always create a reliable case in terms of related telemetry. You might get a case for a Windows event log that contains a process creation for an abnormal parent/child process, but then in the same case a DNS query to a website that hasn't been visited in over 300 days, which are both completely unrelated. There are many limitations on how to search for telemetry in the system. For example, if you're trying to search for the network traffic surrounding a process, you will have to be mindful of what indices you're looking at. If you select more than one index while reviewing logs (i.e. traffic, Windows logs, firewall logs, etc.), you will be limited to the last 24 hours. This is also the same when trying to compare the traffic that is being created by certain processes. What this means is that anything that requires multiple indices to investigate past 24 hours is going to take you significantly longer to correlate together. When it comes to abnormal parent and child processes, there is no way for the Stellar system to track the storyline of process lineage. Your alert might have an abnormal parent of notepad.exe spawning a child process notepad.exe, and the only way to find out the true parent is by searching potentially hundreds of logs manually, just to find out that werfault.exe was the true parent that triggered the alert.
Open XDR Platform Reviews and Ratings
- Engineering Manager, 1B-10B USD, IT Services, Review Source
Unified Visibility Enhances Monitoring While Dashboard Depth Could Be Expanded
My experience with the Stellar Cyber Open XDR platform has been largely positive, especially in terms of visibility and operational efficiency. One of the strongest aspects is how quickly it centralizes data from different security tools without requiring heavy customization. The platform’s ability to normalize logs and correlate events across diverse sources feels polished, and it noticeably reduces the time spent jumping between dashboards. The interface strikes a practical balance between simplicity and depth. Analysts can pivot from high-level incident overviews to granular data with just a few clicks, which makes investigations feel more fluid. The built‑in detections and machine‑learning‑driven insights aren’t overly noisy, and tuning them is straightforward compared to many SIEM or SOAR tools. Performance-wise, the platform handles large data volumes well, and the timeline views speed up triage. The automated response capabilities are helpful, though they still benefit from occasional fine‑tuning depending on the environment and integrations in use. Integrating third‑party tools is generally smooth, but some connectors require extra setup depending on how customized the environment is. Overall, Stellar Cyber delivers a strong “single pane of glass” experience for security operations teams. It’s particularly useful if you're trying to consolidate tools, improve detection visibility, or streamline investigations without going through a massive SIEM overhaul. The platform feels mature, analyst‑friendly, and thoughtfully designed for real-world SOC workflows.