Is the data collected by an On Premise Crystal Eye XDR appliance stored on the device and would I have access to the Crystal Eye XDR without having to go to the cloud?
All signals and data generated within your network will be stored locally on the Crystal Eye XDR appliance, which can be accessed via the Crystal Eye interface hosted on the device itself. This is accessible directly via the LAN management port at https://crystaleye.lan:81 or https://10.10.1.1:81 (default IP address).
Depending on your SIEM subscription or security services purchased, device telemetry and user-scheduled events (Vulnerability Scans, Packet Capture and Analysis) will be sent back to our SOC for monitoring and analysis.
Our cloud interface known as Orchestrate (or Client Dashboard) gives administrators the ability to monitor the status of one or many Crystal Eye Appliances and manage access to reports generated by the Crystal Eye Appliance like incident response updates, vulnerability scan reports, packet capture reports etc.
All this locally stored data is one of the reasons the Crystal Eye appliance has more storage on board than most competing products and teaming this with further extended storage options allows appliances to store potentially years of logging.
How is data handled by the Crystal Eye Endpoint Application?
Crystal Eye Endpoint Applications communicate back to the linked Crystal Eye Appliance with events and alerts stored on the Crystal Eye Appliance.