RuSIEM features

Specification

RuSIEM is a commercial SIEM (Security Information and Event Management) product that includes real-time correlation, data visualization and search, long-term storage of raw and normalized events, built-in incident management and reporting.

Unlimited:

  • Storage size
  • Long-term database
  • Users
  • Agents
  • Searches
  • Sources and devices
  • Reports
  • Correlation rules
  • Dashboards

Features

  • unlimited number of connected sources and users (operators)
  • collection of events from sources
  • normalization of events to a single taxonomy
  • symptomatology: tagging of events with phrases understandable to the operator
  • individual views for each operator
  • search and navigation through events
  • sorting, grouping and visualization of search results
  • saved queries created by the operator for quick data retrieval
  • risk management: event weights are derived from event content via symptoms
  • the operator can override event weights
  • the operator can create custom symptoms
  • long-term storage
  • event navigation
  • display of widgets on dashboards
  • building reports
  • generating and sending reports on a schedule
  • internal / LDAP / hybrid authentication
  • role-based access model
  • management of agents from the web interface
  • control of other nodes from the web interface
  • real-time correlation
  • creation of new correlation rules by operators in a graphical designer, without writing code
  • use of lists in correlation rules
  • notification when a correlation rule is triggered
  • operator-editable templates for sent notifications
  • registration of incidents in the built-in ITIL-based workflow
  • launch of a proactive action (script) when a correlation rule is triggered
  • generation of a new event as a result of a correlation rule triggering
  • separation of access and scope in incident management according to the role model
  • change of scope in incident management on reassignment / escalation of an incident, or when setting tasks within an incident
  • escalation / reopening / reassignment of incidents
  • setting tasks within incidents
  • email notification of tasks
  • example use case: detecting an interactive logon by a user who has not entered the office, via integration with the physical access control system (ACS)

Scale

  • Scales vertically (per branch)
  • Scales horizontally (for performance)
  • Unlimited storage and EPS
  • The database can be deployed as a cluster of nodes
  • Component roles can be separated across different servers
  • Distributed correlation
  • Distributed search without transferring data between branches