Understanding Echo and its stack

Echo is a distributed, micro-service oriented stack of components working together to provide a coherent experience for the Cybersecurity analyst, operator and CISO.

Echo’s stack can be separated into three groups:

Each of the layers uses its own set of containers for its runtime and all layers interact via REST API.

Container runtime is managed by Docker which provides operations and scheduling for the framework. Docker allows Echo to use a Central Registry to manage the different container images and versions, this allows for a simpler deployment and update procedures.

Echo’s service discovery is based on Swarm and supports running Echo on a large scale cluster for larger deployments. Swarm also provides a simple scale up/down mechanism used to allow operators to grow and shrink with their data needs. These mechanisms allow Echo to offer High Availability across the stack and ensure optimal uptime while providing high response rates and slow query times.