Log review and events correlation (SIEM)

Log Review and Events Correlation

The Log Review and Events Correlation service is performed through SIEM (Security Information and Event Management) tools. An effective SIEM Managed Security Service empowers security teams: it brings insight into the system environment through logs, events and other data, and it combines actionable intelligence with analytical and triage capabilities.

Each SIEM product comprises a Correlation Engine, an Event Analyser, and a Management Console. First, the Correlation Engine runs and aggregates the information by correlating it according to the rules/policies. Following that, the Event Analyser analyses the data and sends its output to the Management Console.

The scaled-up form of the SIEM is the Security Operation Center (SOC), which integrates the SIEM with a specialized team and processes for monitoring the network for security events.

How can Panacea help?

There are various SIEM products available in both the proprietary and open source domains. Our experts possess in-depth knowledge of a variety of products and leverage this to provide managed services tailored to your needs. Some of these products are listed below.

Commercial SIEM Tools:

  • SolarWinds Log & Event Manager
  • HP ArcSight ESM
  • McAfee Enterprise Security Manager (ESM)
  • Sumo Logic

Open Source SIEM Tools:

  • AlienVault OSSIM (Open Source SIEM)
  • OSSEC

Our SIEM Managed Security Service involves a multi-step process. First, we create the SIEM rules/policies. Second, we implement the rules/policies within the environment. Third, we fine-tune the analyser according to the environment's requirements. However, we understand that some clients may need a more bespoke approach. Lastly, you can leverage our technical expertise to establish SOCs on your premises as a Center of Excellence in SOC technology.