Cyber Security Module
The Cyber Security module provides the content foundation for building a SIEM. It lets you draw on years of experience in detecting and preventing security incidents. The set of correlation rules and functional dashboards is constantly updated, keeping your security system relevant and effective.
From a single console, the module provides information about the operation of all necessary information security tools (ISPs) from domestic and foreign manufacturers. It correlates events from different ISPs, which allows the detection of security events that no individual ISP identifies on its own.
Functional Characteristics
Set of Correlation Rules
Cyber Security includes a set of rules for detecting information security incidents. The rules are categorized by criticality level and tagged by the event types and data sources they rely on.
Tags for Quick Search
In addition to tags for the data sources it uses, a rule can have tags corresponding to techniques from the MITRE ATT&CK knowledge base, CVEs, or arbitrary user-defined tags.