Platform Overview

How BluScout works, what it monitors, and what your team gets access to.

What is BluScout

BluScout is a unified security operations platform that combines SIEM and endpoint detection capabilities into a single interface.

It ingests, parses, and analyzes data from endpoints, network devices, and log sources to detect threats in real time — whether you're monitoring a single laptop or thousands of servers.

The platform is built around five core pillars: endpoint visibility, an advanced detection engine, forensic investigation tools, centralized log collection, and analytics with capacity forecasting.

Core Capabilities

The five pillars of BluScout's security operations platform, plus the threat intelligence that feeds its detection engine.

Endpoint Visibility

Granular insight into every device — process trees, network connections, system health, and resource usage in real time.

Advanced Detection Engine

Stateful and stateless detection rules, IOC matching against global threat feeds, and behavioral analysis for anomalies like C2 beaconing.

Forensic Explorer

Search millions of log events instantly, perform deep packet inspection across OSI layers, and reconstruct attack timelines.

Centralized Collection

Virtual Log Collectors aggregate logs from isolated subnets, firewalls, and switches and forward them to the platform over an encrypted channel, so devices that cannot reach the Manager directly only need a path to the collector.

Analytics & Forecasting

Monitor events per second, track data usage trends, and predict monthly capacity to prevent storage issues before they happen.

Threat Intelligence

Automatic ingestion from ThreatFox and AlienVault OTX, plus custom IOC uploads (IPs, domains, URLs, hashes) with real-time matching.

How Data Flows

From deployment to investigation — the path your data takes through BluScout.

1. Deploy

Install lightweight agents on endpoints, or configure network devices to send logs to a collector.

2. Ingest

Agents and collectors transmit data to the BluScout Manager over encrypted channels.

3. Process

The Log Decoder parses raw data into structured, searchable fields using built-in and custom parsers.

4. Detect

The Detection Engine evaluates parsed events against alert rules and threat intelligence feeds in real time.

5. Investigate

Alerts surface in the dashboard. Analysts use the Explorer to search logs, packets, and endpoints with full context, including the raw log behind each alert.
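The ingest-to-investigate path above, as an added illustrative example in Python. It is not BluScout's own code and uses none of its APIs: the sshd lines and the IOC set are constructed, and the rule names, severities and MITRE tags are assumptions chosen for the example. It runs one parser (step 3), then a stateless boolean rule, a stateful threshold rule and an IOC match (step 4), and keeps the raw line on every alert for drill-down (step 5).

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample input: sshd lines as a collector would forward them.
# The last line has no matching parser and is counted as unparsed.
RAW_LOGS = [
    "2024-05-01T10:00:01Z host1 sshd[101]: Failed password for root from 203.0.113.5 port 50001",
    "2024-05-01T10:00:03Z host1 sshd[101]: Failed password for root from 203.0.113.5 port 50002",
    "2024-05-01T10:00:05Z host1 sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 50003",
    "2024-05-01T10:00:06Z host1 sshd[101]: Failed password for root from 203.0.113.5 port 50004",
    "2024-05-01T10:00:07Z host1 sshd[101]: Accepted password for root from 203.0.113.5 port 50005",
    "2024-05-01T10:00:09Z host2 sshd[202]: Accepted publickey for alice from 198.51.100.7 port 60001",
    "2024-05-01T10:00:10Z host2 sshd[202]: Accepted password for bob from 192.0.2.9 port 60002",
    "2024-05-01T10:00:11Z host2 cron[303]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Constructed IOC set standing in for a threat feed or a custom upload.
IOCS = {"ip": {"192.0.2.9"}}

# Step 3: one built-in parser. A real decoder holds a chain of these.
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\S+) port (?P<src_port>\d+)"
)


def decode(line):
    """Turn a raw line into structured fields; None means no parser matched."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["src_port"] = int(ev["src_port"])
    return ev


# Step 4a: stateless rule, a boolean over a single event (rule name and tag are assumed).
def stateless_rule(ev):
    if ev["outcome"] == "Accepted" and ev["method"] == "password" and ev["user"] == "root":
        return {"rule": "root-password-login", "severity": "high", "mitre": "T1078", "src_ip": ev["src_ip"]}
    return None


# Step 4b: stateful rule, N failures from one source inside a sliding window.
class ThresholdRule:
    def __init__(self, threshold, window):
        self.threshold = threshold
        self.window = window
        self.failures = {}  # src_ip -> deque of failure timestamps still inside the window

    def evaluate(self, ev):
        if ev["outcome"] != "Failed":
            return None
        q = self.failures.setdefault(ev["src_ip"], deque())
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > self.window:
            q.popleft()  # forget failures older than the window
        if len(q) == self.threshold:  # fire once, when the count reaches the threshold
            return {"rule": "ssh-brute-force", "severity": "medium", "mitre": "T1110",
                    "src_ip": ev["src_ip"], "count": len(q)}
        return None


# Step 4c: IOC match of the source address against the indicator set.
def ioc_rule(ev, iocs):
    if ev["src_ip"] in iocs["ip"]:
        return {"rule": "ioc-match", "severity": "medium", "indicator": ev["src_ip"], "src_ip": ev["src_ip"]}
    return None


def run_pipeline(raw_lines, iocs=IOCS):
    """Decode every line, run every rule on every parsed event, return (alerts, unparsed_count)."""
    threshold = ThresholdRule(threshold=3, window=timedelta(seconds=60))
    alerts, unparsed = [], 0
    for line in raw_lines:
        ev = decode(line)
        if ev is None:
            unparsed += 1
            continue
        for hit in (stateless_rule(ev), threshold.evaluate(ev), ioc_rule(ev, iocs)):
            if hit:
                hit.update(ts=ev["ts"].isoformat(), host=ev["host"], raw=line)  # raw kept for drill-down
                alerts.append(hit)
    return alerts, unparsed


if __name__ == "__main__":
    found, skipped = run_pipeline(RAW_LOGS)
    for a in found:
        print(a["ts"], a["severity"], a["rule"], a["src_ip"])
    print(f"{skipped} line(s) had no parser")
```

On the constructed input this yields three alerts in order: the brute-force rule fires on the third failure from 203.0.113.5 (the fourth failure does not re-fire), the stateless rule fires on the following root password login, and the IOC rule fires on the session from 192.0.2.9; the cron line is reported as unparsed rather than silently dropped, which is the number an analyst should watch when adding custom parsers.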

Key Modules

What your team gets access to inside the platform.

Dashboard

Real-time KPIs, alert severity breakdown, threat map, and top traffic sources at a glance.

Endpoints

Per-host details including processes, disks, network connections, interfaces, and system performance.

Alerts & IOCs

Chronological alert inbox with severity levels, raw log drill-down, and a dedicated IOC hits view.

Packet Explorer

Network session analysis, deep packet inspection from the link layer up to the application layer, beacon detection, and scan analysis.

Log Explorer

Full-text log search with interactive filtering, saved queries, event normalization, and error replay.

Analysis Tools

Beacon detection with statistical scoring, scan detection with confidence levels, and miscellaneous protocol inspection (ARP, ICMP, STP).
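One way to score beaconing statistically and to grade a scan with a confidence level, as an added example in Python. It is not BluScout's algorithm, which this page does not describe. The session records are constructed, and the metrics and thresholds (coefficient of variation of the gaps, minimum session count, minimum mean interval, port counts per window) are assumptions. The minimum mean interval matters: fast, perfectly regular traffic such as the port scan in the sample would otherwise score as a flawless beacon.

```python
import statistics
from collections import Counter, defaultdict

# Constructed session records: (seconds since capture start, src_ip, dst_ip, dst_port).
SESSIONS = (
    # a beacon: one host checking in every 60 s with about one second of jitter
    [(60 * i + j, "10.0.0.5", "203.0.113.50", 443)
     for i, j in enumerate([0, 1, -1, 0, 1, 0, -1, 1, 0, 0])]
    # ordinary browsing: irregular gaps to one site
    + [(t, "10.0.0.7", "198.51.100.20", 443) for t in (3, 40, 41, 95, 300, 310, 900, 1500)]
    # a port scan: forty ports on one target in four seconds, perfectly regular
    + [(1000 + 0.1 * p, "10.0.0.9", "10.0.0.20", p) for p in range(1, 41)]
)


def beacon_score(timestamps, min_sessions=8, min_mean_interval=5.0):
    """Regularity of the gaps between sessions: 1.0 is a metronome, 0.0 is noise.

    Score = 1 - coefficient of variation of the gaps, clipped at 0 (assumed metric).
    Fast regular traffic (a scan, a bulk transfer) is excluded by min_mean_interval;
    without it the scan in SESSIONS would score 1.0.
    """
    if len(timestamps) < min_sessions:
        return 0.0
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean < min_mean_interval:
        return 0.0
    cv = statistics.pstdev(gaps) / mean
    return round(max(0.0, 1.0 - cv), 3)


def scan_confidence(rows, min_ports=10, window=60.0, saturate_at=50):
    """Largest number of distinct destination ports hit within any `window` seconds,
    scaled to a 0..1 confidence (assumed scale: saturate_at distinct ports is 1.0)."""
    rows = sorted(rows)  # (t, port)
    live = Counter()     # ports currently inside the window -> hit count
    best = start = 0
    for t, port in rows:
        live[port] += 1
        while t - rows[start][0] > window:  # slide the window's left edge
            old = rows[start][1]
            live[old] -= 1
            if live[old] == 0:
                del live[old]
            start += 1
        best = max(best, len(live))
    if best < min_ports:
        return 0.0
    return round(min(1.0, best / saturate_at), 2)


def analyze(sessions, beacon_threshold=0.8):
    """Group sessions by (src, dst) and return beacon and scan findings."""
    by_pair = defaultdict(list)
    for t, src, dst, port in sessions:
        by_pair[(src, dst)].append((t, port))
    findings = []
    for (src, dst), rows in by_pair.items():
        score = beacon_score([t for t, _ in rows])
        if score >= beacon_threshold:
            findings.append({"type": "beacon", "src": src, "dst": dst,
                             "score": score, "sessions": len(rows)})
        conf = scan_confidence(rows)
        if conf > 0:
            findings.append({"type": "scan", "src": src, "dst": dst, "confidence": conf})
    return findings


if __name__ == "__main__":
    for f in analyze(SESSIONS):
        print(f)
```

The 60-second beacon scores about 0.98 because its gaps vary by roughly one second; the browsing pair, whose gaps range from one second to ten minutes, scores 0; and the scan pair is rejected by the interval floor and instead surfaces as a scan at confidence 0.8 (40 of the 50 ports at which the scale saturates). In production the same two numbers would be tuned per environment, since backup jobs and monitoring pollers are legitimate metronomes.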

Detection Rules

Stateless and stateful rule builder with boolean logic, threshold windows, MITRE tagging, and custom matchers.

Analytics

Daily event volume, EPS monitoring, storage consumption tracking, and month-end capacity forecasting.

Full documentation available after onboarding

Detailed setup guides, configuration references, and admin documentation are provided to customers during deployment.
