Description
SecureVisio SIEM
SecureVisio has powerful, advanced mechanisms for collecting and storing event information from the entire IT infrastructure. The system collects logs via the syslog protocol, Windows Event Forwarding and API interfaces, and can also read data from text files, databases and even e-mail accounts. It uses a flat-file database, which allows for very high performance. Built-in automatic archiving mechanisms enable long-term central or distributed storage of data on the disk volume selected by the system administrator.
Parsing mechanisms
The system is equipped with a constantly updated set of event parsers for the various data sources. Regex, XML, JSON, conditional and subordinate parsing mechanisms, a graphical parser creation interface and a built-in debugger make it possible to parse and normalize data from any source. Normalization transforms the collected raw records into structured information that can be searched and processed.
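As an added illustration of the parsing stage described above (example code written for this page, not SecureVisio's own parsers, field names or schema), the Python below applies a top-level regex parser to a syslog line, a subordinate parser that runs only for sshd messages, a JSON parser for a second source, and a conditional dispatcher that picks the parser from the shape of the record. The sample records, the common field names and the debug_parse helper are all assumptions made for the example.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample records (not real vendor output): one BSD-style syslog line
# from sshd and one JSON event from a hypothetical web application.
SYSLOG_LINE = ("<38>Mar  4 10:15:22 bastion01 sshd[4711]: Failed password for "
               "invalid user admin from 203.0.113.9 port 51022 ssh2")
JSON_EVENT = ('{"ts": "2024-03-04T10:15:25Z", "app": "webportal", "user": "alice", '
              '"src": "198.51.100.7", "action": "login", "outcome": "success"}')

# Top-level regex parser: PRI, timestamp, host, program, optional PID, message.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# Subordinate parser: runs only on sshd messages to pull fields out of free text.
SSHD_FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)


def parse_syslog(line, year=2024):
    """Return a normalized event dict, or None if the line does not match."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    pri = int(m["pri"])
    # BSD syslog timestamps carry no year; the caller supplies it (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    event = {
        "timestamp": ts.replace(tzinfo=timezone.utc).isoformat(),
        "host": m["host"],
        "source": m["prog"],
        "facility": pri // 8,   # PRI = facility * 8 + severity (RFC 3164 / RFC 5424)
        "severity": pri % 8,
        "message": m["msg"],
    }
    if m["prog"] == "sshd":
        sub = SSHD_FAIL_RE.search(m["msg"])
        if sub:
            event.update(action="login", outcome="failure", user=sub["user"],
                         src_ip=sub["src"], src_port=int(sub["port"]))
    return event


def parse_json(text):
    """Map the JSON source's vendor-specific keys onto the common field names."""
    raw = json.loads(text)
    return {
        "timestamp": raw["ts"].replace("Z", "+00:00"),
        "host": raw["app"],
        "source": raw["app"],
        "action": raw["action"],
        "outcome": raw["outcome"],
        "user": raw["user"],
        "src_ip": raw["src"],
        "message": text,
    }


def normalize(record):
    """Conditional parsing: choose the parser from the shape of the record."""
    record = record.strip()
    if record.startswith("{"):
        return parse_json(record)
    if record.startswith("<"):
        return parse_syslog(record)
    return None


def debug_parse(line):
    """Parser-debugger style report: which named groups matched, and with what."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return {"matched": False}
    return {"matched": True,
            "groups": {k: v for k, v in m.groupdict().items() if v is not None}}


if __name__ == "__main__":
    for rec in (SYSLOG_LINE, JSON_EVENT):
        print(json.dumps(normalize(rec), indent=2))
    print(debug_parse("garbage that is not syslog"))
```

The point of the common field names (timestamp, host, action, outcome, user, src_ip) is that a later search or correlation rule can ask the same question of both sources without knowing which one produced the record; the debug_parse helper shows the kind of per-group feedback a parser debugger gives when a regex stops matching after a vendor changes its log format.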
A unique set of possibilities
The system has automatic event correlation mechanisms and a constantly updated set of correlation rules based on frameworks such as the MITRE ATT&CK matrix. Its advanced, highly flexible correlation engine offers a unique set of capabilities:
- Creating events based on other events;
- Creating incidents based on events;
- Assigning priorities based on context;
- A scoring mechanism dependent on resource profiles;
- Creating and referencing reference arrays;
- Including the resources related to an incident (type of resource and its role in the organization, technical and business processes at risk, type of data processed, potential consequences of the incident, attack vectors, risk analysis results) in the context correlation;
- A graphical interface for creating correlation rules.
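To make the capabilities in the list above concrete, here is an added example written for this page (not SecureVisio's rule language, engine or data model) that wires several of them together over already-normalized events: one rule derives a "bruteforce" event from a burst of failed logins (an event created from other events), a second turns that derived event plus a subsequent successful login into an incident, the incident's score depends on a resource profile for the affected host, and a reference array of known-bad sources feeds the priority. The events, asset profiles, thresholds and scoring weights are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, already-normalized events (the output of a parsing stage; not real
# data): five failed logins from one source, then a success six seconds later.
def _ev(sec, outcome, host="bastion01", user="admin", src="203.0.113.9"):
    return {"timestamp": f"2024-03-04T10:15:{sec}+00:00", "host": host,
            "action": "login", "outcome": outcome, "user": user, "src_ip": src}

EVENTS = [_ev("22", "failure"), _ev("25", "failure"), _ev("28", "failure"),
          _ev("31", "failure"), _ev("34", "failure"), _ev("40", "success")]

# Reference array: a hypothetical list of sources flagged by threat intelligence.
KNOWN_BAD_IPS = {"203.0.113.9"}

# Resource profiles: hypothetical asset context (role, business process,
# data class, criticality 1-5) keyed by hostname.
ASSETS = {
    "bastion01": {"role": "jump host", "process": "remote administration",
                  "data": "credentials", "criticality": 5},
    "kiosk07": {"role": "lobby kiosk", "process": "visitor information",
                "data": "public", "criticality": 1},
}


def _ts(e):
    return datetime.fromisoformat(e["timestamp"])


def derive_bruteforce_events(events, threshold=5, window=timedelta(minutes=2)):
    """Event from events: emit one 'bruteforce' event when a single source reaches
    `threshold` failed logins against one host inside a sliding `window`."""
    derived, recent = [], defaultdict(list)
    for e in sorted(events, key=_ts):
        if e["action"] != "login" or e["outcome"] != "failure":
            continue
        q = recent[(e["host"], e["src_ip"])]
        q.append(_ts(e))
        while q[-1] - q[0] > window:       # drop failures that fell out of the window
            q.pop(0)
        if len(q) == threshold:            # fire exactly once per burst
            derived.append({"timestamp": e["timestamp"], "host": e["host"],
                            "action": "bruteforce", "src_ip": e["src_ip"],
                            "count": threshold, "technique": "T1110"})  # ATT&CK Brute Force
    return derived


def score(incident, assets, known_bad):
    """Context priority and profile-dependent scoring: the same pattern scores
    higher on a critical asset that holds credentials and from a known-bad source."""
    asset = assets.get(incident["host"], {"criticality": 1, "data": "unknown"})
    s = asset["criticality"] * 10
    if asset.get("data") == "credentials":
        s += 20
    if incident["src_ip"] in known_bad:     # reference-array lookup
        s += 30
    incident["score"] = s
    incident["priority"] = ("critical" if s >= 70 else "high" if s >= 40
                            else "medium" if s >= 20 else "low")
    incident["context"] = {k: asset.get(k) for k in ("role", "process", "data")}
    return incident


def build_incidents(events, assets, known_bad, window=timedelta(minutes=5)):
    """Incident from events: a derived bruteforce event followed by a successful
    login from the same source to the same host within `window`."""
    incidents = []
    for d in derive_bruteforce_events(events):
        for e in sorted(events, key=_ts):
            gap = _ts(e) - _ts(d)
            if (e["action"] == "login" and e["outcome"] == "success"
                    and e["host"] == d["host"] and e["src_ip"] == d["src_ip"]
                    and timedelta(0) <= gap <= window):
                incidents.append(score({"title": "Successful login after brute force",
                                        "host": d["host"], "src_ip": d["src_ip"],
                                        "user": e["user"], "events": [d, e]},
                                       assets, known_bad))
                break
    return incidents


if __name__ == "__main__":
    for inc in build_incidents(EVENTS, ASSETS, KNOWN_BAD_IPS):
        print(inc["priority"], inc["score"], inc["title"], inc["context"])
```

Running the same six events against the lobby kiosk profile instead of the jump host produces the same incident with a "low" priority, which is the practical value of resource-profile scoring: the analyst queue is ordered by what the affected asset does and what data it holds, not only by how many log lines matched.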