The CyberStash Eclipse.XDR Network Gateway collects the following types of data:
- IP Traffic Metadata: Includes source and destination IP addresses, source and destination ports, traffic flow direction (inbound or outbound), and actions taken (allowed or blocked).
- DNS Traffic:
  - Query Name: The domain name being queried.
  - Query Type: The type of DNS query, such as A, AAAA, MX, or CNAME.
  - Query Class: The class of the DNS query (usually IN for Internet).
  - Response Code: The code indicating the result of the DNS query (e.g., NOERROR, NXDOMAIN).
  - Response Data: The data returned in response to the DNS query, such as IP addresses or domain names.
  - Query Timestamp: The time when the DNS query was made.
  - Query Source: The IP address of the client making the DNS query.
- GEO-IP and ASN Correlation: Correlates destination IP addresses with GEO-IP and Autonomous System Number (ASN) data for enhanced threat analysis.
Data Not Collected
- Sensitive or Personally Identifiable Information (PII): The Eclipse.XDR Network Gateway does not collect PII or sensitive personal data.
- Deep packet data.
This approach ensures that the data collected is relevant for network security and threat detection while respecting privacy and compliance requirements.