Skip to main content

Both the commercial version of RuSIEM and the free version of RvSIEM have the ability to remotely manage nodes.

In a distributed infrastructure, there are many RuSIEM / RvSIEM servers that need to be managed. Servers can be connected in various ways, they can be independent. You can connect to servers via the web interface with the URL of the server to which you want to connect, but this is not always convenient. Therefore, it is possible to connect remotely from the same web interface without changing the URL and instantly switching to another server, where you can view incidents, add correlation rules, and change server settings. It is enough to select the node menu in the upper right corner, select the node itself and click the connect button.

The connection is made via the https protocol through the current API key on the node to which the connection is made and with the user rights on this node. The user may have limited rights, different from the rights in the node with which he connects. This is actual, for example, for SOC.

In the node editor it is possible to build a convenient topology with nesting for a more intuitive understanding of the server location.