Security Information and Event Management (SIEM)

Result Type

ICT Software Digital solution (TRL 6-8)

Lead Developer

Projecto Desenvolvimento Manutenção Formação E Consultadoria, Lda (PDMFC)

Keywords

Security, Log Management, Events Correlation, Security Events/Alerts

Low budget, low resource requirements, fast performance, low maintenance, MITRE ATT&CK aligned, powerful correlation engine, fast source customisation, quick deployment, cloud-ready.

Result Description

The SIEM tool plays a key role in real-time threat detection by monitoring logs, flows and events from applications, networks, operating systems, devices and many other data sources. The SIEM Agent is responsible for monitoring any asset's output and sending it to the SIEM ingestor component, which parses the raw data into custom source types before it is stored in the central log repository. The SIEM real-time monitoring component ships with pre-built use cases based on MITRE's knowledge base of attack tactics and is responsible for raising alerts when malicious activity is identified. SIEM has a user-friendly interface that enables configuration of use cases, dashboards and schedulers. To facilitate threat hunting and event correlation, the SIEM UI also provides a search tool through which all the central log repositories can be queried in a query language of the security operator's choice.

Target Business Sectors / EU Policy Areas

  • Business and industry
  • International cooperation and development
  • Research and innovation

Contribution to UN Sustainable Development Goals