Log Sources
Astral supports the ingestion and monitoring of log data from a broad range of sources, enabling comprehensive visibility across different layers of the environment. This capability allows the platform to collect security-relevant information from operating systems, applications, infrastructure components, cloud services, and other technologies that generate structured or semi-structured logs. By consolidating these sources, Astral establishes a centralized foundation for security analysis and correlation.
Log collection can be performed through multiple methods, including direct monitoring of log and data files, agent-based collection, and API-based integrations. File-based monitoring enables Astral to observe local or remote data files in real time or near real time, ensuring that events generated at the system or application level are captured consistently. This approach supports a wide variety of log formats and use cases without requiring changes to the source systems.
For cloud and SaaS environments, Astral integrates through APIs to collect security and operational data directly from service providers. This model enables continuous visibility into cloud-native activity such as authentication events, configuration changes, resource usage, and service-level actions. API-based ingestion ensures that cloud environments are monitored with the same level of consistency and depth as on-premises infrastructure, even in highly distributed architectures.
Once collected, all log data is processed through Astral’s unified pipeline, where events are analyzed, interpreted, normalized, and correlated. This process transforms heterogeneous log formats into a consistent data model, allowing events from different sources and environments to be analyzed together. Through correlation and contextual enrichment, Astral connects log-based activity with network signals, identity events, and external risk information, supporting accurate detection, investigation, and response across the Inopli ecosystem.
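The normalization and correlation step described above, as an added example that is not Astral's own pipeline or schema: it maps an sshd syslog line and a cloud sign-in record into one common event model and then pairs a failed login with a later success from the same source IP on a different source. The field names, the cloud record layout, and both sample events are assumptions constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed sample input: one on-prem syslog line and one cloud sign-in record.
SYSLOG_LINE = "2024-05-01T10:00:05+00:00 web01 sshd[812]: Failed password for alice from 203.0.113.7 port 50022 ssh2"
CLOUD_EVENT = '{"eventTime": "2024-05-01T10:03:40Z", "actor": "alice", "sourceIp": "203.0.113.7", "operation": "SignIn", "result": "Success"}'

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<res>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def normalize_sshd(line):
    """Map an sshd syslog line to the common model; None if it does not match."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "source": "sshd",
        "user": m["user"],
        "src_ip": m["ip"],
        "action": "login",
        "outcome": "failure" if m["res"] == "Failed" else "success",
    }

def normalize_cloud(raw):
    """Map a cloud sign-in JSON record (hypothetical field names) to the common model."""
    e = json.loads(raw)
    ts = datetime.fromisoformat(e["eventTime"].replace("Z", "+00:00"))
    return {"ts": ts, "source": "cloud", "user": e["actor"], "src_ip": e["sourceIp"],
            "action": "login" if e["operation"] == "SignIn" else e["operation"].lower(),
            "outcome": e["result"].lower()}

def correlate(events, window=timedelta(minutes=10)):
    """Pair a failed login with a later success from the same IP on a different source."""
    events = sorted((e for e in events if e), key=lambda e: e["ts"])
    hits = []
    for i, a in enumerate(events):
        for b in events[i + 1:]:
            if (a["outcome"] == "failure" and b["outcome"] == "success"
                    and a["src_ip"] == b["src_ip"] and a["source"] != b["source"]
                    and b["ts"] - a["ts"] <= window):
                hits.append((a, b))
    return hits
```

Both timestamps are parsed as timezone-aware values, so events from sources that report in different offsets still sort and compare correctly.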