Security Event Manager

Security Event Manager comes with hundreds of pre-built connectors to gather logs from various sources, parse their data, and put it into a common readable format, creating a central location for you and your team to easily investigate potential threats, prepare for audits, and store logs.

Security Event Manager includes features to quickly and easily narrow in on the logs you need, such as visualizations, out-of-the-box filters, and simple, responsive text-based searching for both live and historical events. With scheduled search, you can save, load, and schedule your most commonly used searches.

Security Event Manager can act as your own SOC, alerting you to the most suspicious behaviors, and allowing you to focus more of your time and resources on other critical projects. SEM has hundreds of built in correlation rules to watch your network and piece together data from the various log sources to identify potential threats in real time. Not only will you have out-of-the-box correlation rules to help get you started, but the normalization of log data allows for an endless combination of rules to be created. Additionally, SEM has an integrated threat intelligence feed working to identify behaviors originating from known bad actors.

SEM provides hundreds of out-of-the-box reports to help you demonstrate compliance for HIPAA, PCI DSS, SOX, ISO, DISA STIGs, FISMA, FERPA, NERC CIP, GLBA, GPG13, and more.

The cost of a data breach can be reduced by how quickly you identify the threat and start addressing it. With Security Event Manager, you can hasten your responses by automating them when certain correlation rules are triggered. Responses include block IPs, change privileges, disable accounts, block USB devices, kill applications, and more.

Modifications, deletions, and permission changes to files, folders, and registry settings could be the sign of a potential data breach. You can monitor and be alerted to suspicious or potentially malicious activity in sensitive files with Security Event Manager’s built-in File Integrity Monitoring (FIM) capabilities.

Unmanaged USB flash drives pose an ongoing risk to IT security. Security Event Manager is designed to provide valuable insight into file and USB activity with the built-in USB defender. USB defender helps enforce USB policies and will take automated response if an unmanaged USB is plugged into your network.

Security Event Manager is designed to easily forward raw event log data with syslog protocols (RFC3164 and RFC 5244) to an external application for further use or analysis. Additionally, with one click, you can export your filtered or searched log data to CSV, making it incredibly fast and easy to share log data with other teams or vendors.