Security Event Manager

SECURITY EVENT MANAGER AT A GLANCE

» Collects, consolidates, normalizes, and visualizes logs and events from firewalls, IDS/IPS devices and applications, switches, routers, servers, OS, and other applications

» Performs real-time correlation of machine data to identify threats and attack patterns

» Responds to suspicious activity automatically with Active Response, including blocking USB devices, killing malicious processes, logging off users, and more

» Eases compliance reporting and audits with out-of-the-box reports and filters for HIPAA, PCI DSS, SOX, ISO, DISA STIGs, FISMA, FERPA, NERC CIP, GLBA, and more

» Intuitive interface and ample selection of out-of-the-box content mean you don’t need to be a security or compliance expert to get value from our SIEM solution

» Affordable, scalable licensing based on log-emitting sources, not log volume

FEATURES:

Easy Collection and Normalization of Network Device and Machine Logs

  • Security Event Manager comes with hundreds of out-of-the-box connectors to simplify the process of collecting, standardizing, and cataloging log and event data generated across your network. Our industry-leading log compression rate allows more data to be stored with fewer resources required.

Customizable Visualizations and Dashboard

  • Quickly identify important or suspicious patterns in machine data with a wide variety of customizable visualizations and a flexible dashboard. Drill into interesting patterns with a click of a button and see the full list of related logs and their details.

Powerful and Simple Searching for Forensic Analysis and Troubleshooting

  • Security Event Manager is designed to allow users to quickly find important log data using simple keyword search in both real-time event data and historical data at predefined or custom time periods. Out-of-the-box and user-defined filters also provide fast data refinement.

Real-Time, In-Memory Event Correlation

  • By processing and normalizing log data before it’s written to the database, Security Event Manager can deliver true real-time log and event correlation. Predefined and custom correlation rules allow Security Event Manager to automatically alert on possible security breaches and other critical issues.

Out-of-the-Box Security and Compliance Reporting Templates

  • Security Event Manager makes it easy to generate and schedule compliance reports quickly using over 300 report templates and a console allowing for customizable reports to meet your organization’s specific needs.

Threat Intelligence Feed and Groups

  • Correlation rules are enhanced with a fully-integrated, regularly updating threat intelligence feed that automatically identifies and tags malicious activity from known bad IPs. Easily build groups containing values relevant to your environment, such as user and computer names, sensitive file locations, and approved USB devices. These groups can be auto-populated via correlation rules and simplify searching and reporting.

Built-in Active Response

  • Security Event Manager can do much more than trigger email alerts. SEM is designed to immediately respond to security, operational, and policy-driven events using predefined responses, such as quarantining infected machines, blocking IP addresses, killing processes, and adjusting Active Directory® settings.

Enhanced, Real-Time File Integrity Monitoring

  • Embedded File Integrity Monitoring (FIM) is designed to deliver broader compliance support and deeper security intelligence for insider threats, zero-day malware, and other advanced attacks. Leverage enhanced filter capabilities for finer tuning and significantly reduce the noise associated with lower priority file changes, increasing productivity and efficiency.