One of the many values of the NetWatcher Managed Detection & Response service is that it can aggregate logs from devices, servers and endpoints, correlate that data, and operate as a Security Information and Event Management (SIEM) system.
When you point syslogs to the sensor (or load the NetAgent and turn on LOGS) there are 2 levels of correlation. The first happens locally on the sensor itself, where the sensor looks through the log to see if it maps to any of its rules. If an item in the log is identified, an “Event” is created and sent to the second level of correlation (Cloud Correlation) to determine if an Alarm is necessary.
Now we are ready to take the SIEM events into the cloud and compare them with what we are seeing on the Intrusion Detection System (NIDS), Netflow and Host Intrusion Detection (HIDS) modules, and provide you with a full picture of the security profile of your network.