Version: 5.3

Module Cyber Security

The Cyber Security module serves as a substantive foundation for building a SIEM. It lets you draw on years of experience in detecting and preventing security incidents. The set of correlation rules and functional dashboards is constantly updated, keeping your security system relevant and effective.

The module enables centralized monitoring of all required domestic and foreign information security tools from a single console. It implements correlation mechanisms between events from different security tools, allowing the detection of security incidents that cannot be identified by any individual tool.

Functional Characteristics

Set of Correlation Rules

Cyber Security includes a set of rules for detecting information security incidents. The rules are categorized by criticality level and tagged by the event types and data sources they rely on.

In addition to tags for the data sources it uses, a rule can have tags corresponding to techniques from the MITRE ATT&CK knowledge base, CVEs, or arbitrary user-defined tags.