
RuSIEM Analytics is a module for the commercial version of RuSIEM that adds AI (Artificial Intelligence), DL (Data Learning), asset management and many other features, improving the ability to detect various threats in a timely manner, resolve many cases and visualize data.

  • installed as a module for the commercial version of RuSIEM
  • detection of anomalies and threats in real time by AI (Artificial Intelligence) / DL (Data Learning), without requiring correlation rules to be written
  • possibility of using ML (Machine Learning) models via the PMML standard
  • baselining of analyzed indicators through analytics rules
  • management of analytics rules by the user through a graphical interface
  • output of baseline analytics indicators to widgets
  • registration of incidents upon detection of anomalies and incidents
  • asset management
  • dynamic asset formation (installed software, processes, services, patches, MAC addresses, OS information) from real-time events and active and passive polling methods
  • creation of static and dynamic asset groups
  • real-time audit of asset changes, generating events and optionally recording them as incidents
  • standards compliance (PCI DSS) and policy compliance reporting
  • ability to create a custom standard or policy (technical controls) and build a report on them
  • tracking of application / OS authentication audit events with comparison against historical attributes
  • formation of an incident when a user logs in from another IP / browser
  • rule management and the ability for an operator to add authentication tracking rules
  • feedlists containing IP / FQDN / URL / hash threat lists
  • real-time analysis of feeds, with incident formation on detection
  • ability to add custom feeds
  • possibility of organizing black and white lists through feeds
  • generation of events from analytics and triggers
  • refinement of the triggering conditions for analytics module output through correlation rules to reduce false positives
  • real-time vulnerability management from events and active and passive polling methods
  • browsing of vulnerabilities in the embedded database and searching by them
  • display of detected vulnerabilities on assets
  • incident registration upon detection of a vulnerability
  • scaled vertically (by branch)
  • scaled horizontally (performance)
  • unlimited in storage and EPS
  • installation of a node cluster for the databases
  • possibility of separating component roles across different servers
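The authentication tracking items above describe comparing each login against the user's historical attributes and raising an incident on a new IP or browser. The following Python sketch is an added example, not RuSIEM's code, that implements that comparison over constructed events; the event format and field names (`user`, `ip`, `browser`) are assumptions made for the illustration.

```python
"""Per-user authentication baseline with history-attribute comparison.
Added example, not RuSIEM code; event fields are constructed assumptions."""
from collections import defaultdict

# Constructed sample authentication events (user, source IP, browser).
SAMPLE_EVENTS = [
    {"user": "alice", "ip": "10.0.0.5",    "browser": "Firefox/118"},
    {"user": "alice", "ip": "10.0.0.5",    "browser": "Firefox/118"},
    {"user": "bob",   "ip": "10.0.0.9",    "browser": "Chrome/117"},
    {"user": "alice", "ip": "203.0.113.7", "browser": "Firefox/118"},  # new IP
    {"user": "bob",   "ip": "10.0.0.9",    "browser": "curl/8.1"},     # new browser
    {"user": "alice", "ip": "203.0.113.7", "browser": "Firefox/118"},  # now known
]

# Attributes whose history is compared on each login (assumed names).
TRACKED = ("ip", "browser")


def track_authentications(events, tracked=TRACKED):
    """Compare each login's attributes with the user's history.

    The first login for a user only seeds the baseline. Later logins whose IP
    or browser was never seen for that user produce an incident record naming
    the changed attributes; each new value is then added to the history so the
    same combination is not reported again.
    """
    history = defaultdict(lambda: {attr: set() for attr in tracked})
    incidents = []
    for ev in events:
        seen = history[ev["user"]]
        first_login = all(len(seen[a]) == 0 for a in tracked)
        changed = [a for a in tracked if ev[a] not in seen[a]]
        if changed and not first_login:
            incidents.append({
                "user": ev["user"],
                "changed": changed,
                "values": {a: ev[a] for a in changed},
            })
        for a in tracked:
            seen[a].add(ev[a])
    return incidents


if __name__ == "__main__":
    for inc in track_authentications(SAMPLE_EVENTS):
        print(inc)
```

Running the block reports one incident for alice (new IP) and one for bob (new browser); the repeated alice login from the already-seen IP is silent because the value was learned into her baseline.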