RuSIEM features
Specification
RuSIEM is a commercial product of the SIEM (Security Information and Event Management) class. It includes real-time correlation, data visualization and search, long-term storage of raw and normalized events, built-in incident management, and reporting.
Unlimited:
- Storage size
- Long-term database
- Users
- Agents
- Searches
- Sources and devices
- Reports
- Correlation rules
- Dashboards
Features
- unlimited number of connected sources and users (operators)
- collection of events from sources
- normalization of events into a single taxonomy
- symptomatology: tagging of events with phrases understandable to the operator
- individual representations for each operator
- search and navigation through events
- sorting, grouping and visualization of search results
- saved queries created by the operator for quick data retrieval
- risk management: determining the weights of events according to their content through symptoms
- the ability to override the weight of events by the operator
- creating your own symptoms by the operator
- long-term storage
- event navigation
- display of widgets on dashboards
- building reports
- generating and sending reports on a schedule
- internal / LDAP / hybrid authentication
- role-based access model
- management of agents from the web interface
- control of other nodes from the web interface
- real-time correlation
- creation of new correlation rules by operators in a graphical designer, without writing code
- use of lists in correlation rules
- notification in case of triggering a correlation rule
- change of a template of sent notifications by the operator
- registration of the incident in the built-in ITIL-based workflow
- launch of a proactive action (script) when a correlation rule is triggered
- generation of a new event when a correlation rule is triggered
- separation of access and scope in incident management in accordance with the role model
- change of scopes in incident management in case of reassignment / escalation of incidents, or setting tasks within an incident
- escalation / reopening / reassignment of incidents
- setting tasks within incidents
- email notification of tasks
- use case: interactive entry without access to the office, with ACS integration
Scale
- Scaled vertically (by branch)
- Scaled horizontally (performance)
- Unlimited in storage and EPS
- The database can be deployed as a cluster of nodes
- It is possible to separate the roles of components across different servers.
- Distributed correlation
- Distributed search without transferring data between branches