RuSIEM is a commercial product of the SIEM (Security Information and Event Management) class. It includes real-time correlation, data visualization and search, long-term storage of raw and normalized events, built-in incident management and reporting.

Unlimited:

  • Storage size
  • Long-term database
  • Users
  • Agents
  • Searches
  • Sources and devices
  • Reports
  • Correlation rules
  • Dashboards

  • unlimited number of connected sources and users (operators)
  • collection of events from sources
  • normalization of events to a single taxonomy
  • symptomatology: tagging of events with phrases understandable to the operator
  • individual views for each operator
  • search and navigation through events
  • sorting, grouping and visualization of search results
  • saved queries created by the operator for quick data retrieval
  • risk management: event weights determined from their content via symptoms
  • operator override of event weights
  • creation of custom symptoms by the operator
  • long-term storage
  • event navigation
  • display of widgets on dashboards
  • report building
  • generating and sending reports on a schedule
  • internal / LDAP / hybrid authentication
  • role-based access model
  • management of agents from the web interface
  • control of other nodes from the web interface
  • real-time correlation
  • creation of new correlation rules by operators in the graphical designer, without writing code
  • use of lists in correlation rules
  • notification when a correlation rule is triggered
  • operator-editable templates for sent notifications
  • registration of the incident in the built-in ITIL-based workflow
  • launch of a proactive action (script) when a correlation rule is triggered
  • generation of a new event when a correlation rule is triggered
  • separation of access and scope in incident management according to the role model
  • change of scope in incident management on reassignment or escalation of incidents, or when tasks are set within an incident
  • escalation / reopening / reassignment of incidents
  • setting objectives in incidents
  • e-mail notification of tasks
  • use case: interactive entry without office access, with ACS (access control system) integration

  • Vertical scaling (by branch)
  • Horizontal scaling (performance)
  • Unlimited storage and EPS (events per second)
  • Database can be deployed as a node cluster
  • Component roles can be split across different servers
  • Distributed correlation
  • Distributed search without transferring data between branches