This image shows the basic data flow in and out of the Oracle Container Engine for Kubernetes (OKE) cluster.

Data from log collection engines, API connectors, and Stellar Cyber's own sensors (network, security, server, container, and deception sensors) is ingested into a node pool, where Kafka buffers it and hands it to Flink for normalization and enrichment. The enriched data is written to Oracle Cloud Infrastructure Object Storage for long-term retention.
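To make the normalization and enrichment stage concrete, here is an added example (not Stellar Cyber's code, and not the real sensor formats) of what such a Flink job does with records from two different sensor types. The record shapes, the common schema, the `ASSETS` inventory, and the internal-network list are all constructed for illustration; the one behaviour worth noting is that a malformed record is diverted to a dead-letter list rather than aborting the stream.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Constructed sample records standing in for two sensor feeds. These shapes are
# hypothetical; they are not Stellar Cyber's actual sensor output.
RAW_RECORDS = [
    '{"sensor":"network","ts":1700000000,"src":"10.0.0.5","dst":"203.0.113.9",'
    '"dport":443,"proto":"tcp"}',
    '{"sensor":"server","timestamp":"2023-11-14T22:13:20Z","host":"web-01",'
    '"user":"alice","action":"login_failed","source_ip":"198.51.100.7"}',
    '{"sensor":"network","ts":"not-a-number"',  # truncated record: must not kill the stream
]

# Hypothetical asset inventory used as the enrichment source.
ASSETS = {
    "10.0.0.5": {"hostname": "db-01", "zone": "prod"},
    "web-01": {"ip": "10.0.1.20", "zone": "dmz"},
}

# Explicit RFC 1918 ranges. ipaddress.is_private would also flag the
# documentation ranges (TEST-NET) used in the samples, so we check these directly.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _is_internal(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def normalize(record):
    """Map one sensor-specific record onto a common schema with a UTC ISO timestamp."""
    sensor = record.get("sensor")
    if sensor == "network":
        ts = datetime.fromtimestamp(int(record["ts"]), tz=timezone.utc)
        return {"sensor": sensor, "event_time": ts.isoformat(),
                "src_ip": record["src"], "dst_ip": record["dst"],
                "dst_port": int(record["dport"]), "protocol": record["proto"],
                "host": None, "user": None, "action": "connection"}
    if sensor == "server":
        ts = datetime.strptime(record["timestamp"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return {"sensor": sensor, "event_time": ts.isoformat(),
                "src_ip": record.get("source_ip"), "dst_ip": None,
                "dst_port": None, "protocol": None,
                "host": record["host"], "user": record.get("user"), "action": record["action"]}
    raise ValueError(f"unknown sensor type: {sensor!r}")


def enrich(event):
    """Add traffic direction and asset context; the event is returned with the new fields."""
    src, dst = event["src_ip"], event["dst_ip"]
    src_int = _is_internal(src) if src else None
    dst_int = _is_internal(dst) if dst else None
    if src_int is None and dst_int is None:
        direction = "unknown"
    elif src_int and dst_int:
        direction = "internal"
    elif src_int:
        direction = "outbound"
    elif dst_int is False:
        direction = "external"
    else:
        direction = "inbound"
    event["direction"] = direction
    # Look up the source address first, then the reporting host.
    asset = ASSETS.get(src) or ASSETS.get(event["host"])
    event["asset"] = asset
    event["asset_known"] = asset is not None
    return event


def process(raw_records):
    """Parse, normalize and enrich each record; malformed ones go to a dead-letter list."""
    enriched, dead_letter = [], []
    for raw in raw_records:
        try:
            enriched.append(enrich(normalize(json.loads(raw))))
        except (ValueError, KeyError, TypeError) as exc:  # JSONDecodeError is a ValueError
            dead_letter.append({"raw": raw, "error": str(exc)})
    return enriched, dead_letter


if __name__ == "__main__":
    ok, bad = process(RAW_RECORDS)
    print(json.dumps(ok, indent=2))
    print("dead-lettered:", len(bad))
```

The two valid records end up with identical timestamp formatting and a common field set, which is what lets a downstream Elasticsearch index and the ML layer treat events from different sensors uniformly; the truncated third record is kept with its parse error so it can be inspected rather than silently lost.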

Elastic Stack is deployed in two separate OKE node pools: one for the Elasticsearch master nodes and one for the Elasticsearch data nodes that form the data lake. Flink passes the normalized and enriched data to Elasticsearch for retrieval and analysis. The raw data is stored in the Elasticsearch data lake, which is backed by Oracle Cloud Infrastructure Block Volumes.

The machine learning (ML) container queries Elasticsearch and passes its results to the services container, which presents them to the user.

The user interface and API let users examine, analyze, and visualize their data. For customers who require email alerts, notifications are sent through Oracle Cloud Infrastructure Email Delivery.