Security event management

Gathering security events is important, but being able to analyse them consistently is another matter. With the Security Information and Event Management solution that we offer, you can centrally analyse security events, such as logs, flows and contextual data, from throughout your environment, no matter how disparate your data sources are.

Characteristics

More speed

Get search results in seconds with the speed of a schema-on-write architecture. Explore custom dashboards, dive into events of interest, and navigate underlying data.

Operates at scale

Manage security data by the petabyte. Keep it for as long as you want and take advantage of the big picture when you need it most.

Protection during collection

Collecting host data and blocking malware is easier than ever. Deploy an agent to your endpoints and complete new use cases with just one click.

Ingest from anywhere

Quickly ingest and analyse data from your cloud, network, endpoints, applications, or really, any source you want.

Host and network events

View specific host and network events for data senders and agents. Expand each category for specific host counts or network events related to the category.

Network view

Provides key network activity metrics, an interactive map, and network event tables that allow interaction with the Timeline. You can drag and drop items of interest from the network view to the Timeline for further investigation.

Map

Provides a visual overview of your network traffic. It is interactive, so you can start exploring data directly from the map.

Detection view

Provides an overview of all signals created by signal detection rules. It is also the place where you can enable predefined rules and create new rules. Detections (beta) provides a detailed description of detections and how to use them.

Timeline

Use Timeline as your workspace for threat search or alert investigations. Data from multiple indexes can be added to a timeline, allowing you to investigate complex threats, such as lateral movement of malware on hosts on your network.

Hosts view

The Hosts view provides key metrics regarding host-related security events and a set of data tables that allow you to interact with the Timeline Event Viewer. You can drag and drop items of interest from the tables in the Hosts view to the Timeline for further investigation.