WHAT IS SIEM?
SIEM (Security Information and Event Management) is a solution for monitoring and analyzing all network activity in a company.
SIEM SOLUTION IS REQUIRED FOR
SIEM is required for any company with computer infrastructure. With a SIEM solution you will be able to control all your network and software devices, workstations, servers, printers, websites, ACMS, and mobile applications.

SIEM = IMPROVED SYSTEM FOR DETECTING MALICIOUS ACTIVITY
OUR PRODUCTS
RuSIEM
RuSIEM is the commercial version, a SIEM (Security Information and Event Management) class solution that includes real-time correlation, data visualization and search, long-term storage of raw and normalized events, embedded incident management, and reports.
RuSIEM Analytics
RuSIEM Analytics is a module for the commercial version that adds AI (artificial intelligence), DL (data learning), asset management, and many other features to improve timely detection of various threats, solve many cases, and visualize data.
RuSIEM free
RuSIEM free is an LM (Log Management) class solution. It has reports, normalization, data search, long-term event storage, dashboards, and visualization tools.
Symptomatics
There is no need to remember the event text and event.id. Symptoms help you quickly find an event among millions of others. Operator-friendly symptom names can be used in event searches, reports, and correlations.
Asset management
IT assets in RuSIEM Analytics are populated automatically in real time from events, flow, and network traffic data. The asset template and its contents can be changed by the user.
Correlations
Real-time correlation provides prompt detection of threats and anomalies. A flexible and easy-to-use graphical designer for correlation rules lets users create any custom rule without coding knowledge.
Incident management
Incident management supports the interaction of teams and personnel in resolving problems and incidents promptly. Incident visibility allows you to maintain confidentiality. Inside an incident, you can assign tasks. Incident management is built according to the ITIL standard.
Long-term storage and search query
The solution stores both normalized and raw events over a long storage interval. Flexible event search lets you search for events across any storage interval using exact, regexp, or partial matching. Grouping, counting of quantitative data, calculation of averaged values, and various visualization parameters will satisfy any needs.
Reports
The graphical designer allows you to customize any report format, change the location of the data in the report, the logo, and the fonts, and add and arrange graphic data. Reports can run on a schedule and be emailed to selected recipients so that they are aware of what is happening.
Baseline and DL (data learning)
Baseline and DL (data learning) allow you to identify anomalies and threats without the need to create correlation rules for each case.
Vulnerability management
Vulnerability management provides vulnerability detection and timely notification. Vulnerabilities are detected from network traffic and from events. Integration with Snort ensures the availability of data on open ports, services used, and operating systems.
Authentication tracking
Authentication tracking allows you to create custom rules for any system and track user login parameters. If a user logs in from another IP address or browser, an incident is created. In addition to IP address and browser, it is possible to specify other criteria.
Threat intelligence feeds
Threat intelligence feeds provide common threat detection patterns. The patterns are IP addresses, MD5 and SHA1 hashes, FQDNs, and URLs that arrive regularly with updates. Users can create their own patterns and import their own feeds.

Why RuSIEM?

WHY OUR SOLUTION IS SUITABLE FOR YOU?
  • We help from the pilot through to full integration
  • It is simple to install, customize and adapt to your everyday needs
  • Easy to use
  • We provide free training for our partners and clients
  • All types of data from any source can be used as input. We help connect new and atypical sources
  • You are looking for a solution that fully meets the standards and demands of regulators

About
RUSIEM is a Russian provider. The company develops cybersecurity software for monitoring and management based on the analysis of real-time data. It was founded in 2014 and is a resident of Skolkovo.
professional technical team
Pilot implementations
resident of Skolkovo
Partners in the Commonwealth of Independent States
Beginning of development
product in the registry of Russian software
Worldwide Count of installations during 2017