The figure below gives a high level overview of nevisDetect and how it is embedded in the overall landscape of the NEVIS Security Suite.
nevisDetect consists of the following components:
- The nevisDetect Feature Correlator (1) receives the HTTP request from nevisProxy and passes it on to the message bus (2).
- nevisDetect Core (3) consumes the HTTP request from the message bus (2) and invokes the configured plug-ins.
- The plug-ins invoke the corresponding anomaly detection services. E.g., the BehavioSec plug-in invokes the BehavioSec service (4).
For simplicity's sake, only the BehavioSec plug-in and service are shown in the overview. However, the same applies to the nevisAdapt plug-in (and to other future plug-ins).
- The nevisDetect Persistency (5) service is used by nevisDetect Core for persisting user-related information in a database. The nevisDetect data in the database is organized by nevisDetect Schema (6).
- The whole system is configured and monitored by the nevisDetect Web App (8). The function of the nevisDetect Controller (7) service is to feed the nevisDetect Web App with data and code.
For a more detailed technical description, proceed with the next chapter, Technical architecture.