SlideShare a Scribd company logo

RuSIEM vs SOC (En)

Download as PPTX, PDF
Olesya Shelestova
Olesya Shelestova

How to interaction RuSIEM with SOC (security operation center).

Software
1 of 12
support@rusiem.com https://rusiem.com RuSIEM vs SOC (Security Operation Center) 2018
Existing methods in the current versions • Forwarding events by Syslog (TLS) to all, by filter or criticality • Notification by e-mail according to the correlation rule • Formation and sending of events when triggered the correlation rule • Running the script and the script in correlation • The hierarchical structure of RuSIEM • The "only SOC" option with the installation of collectors or storage nodes on the Customer's side with management of SOC operators • Access to incidents, events via RuSIEM API 3
Forwarding events by Syslog • Plain text or Syslog TLS • All or by filter (field, host, source, criticality, etc.) • Filtered events with RuSIEM symptomatic ® • Format: RAW, normalized, CEF 4
Notification by e-mail • Users, groups and any external e-mail addresses • Indicated individually in each correlation rule 5
Formation and sending of events when triggered correlation rule • The text of the event is indicated individually in each correlation rule • By default, notifications are used for system users (by group / user / role) 6
Run script / script in correlation • Local execution of the script / command individually specified for the correlation rule • Content of the script - any of your content • When the correlation rule is triggered • The transfer of variables with correlation is supported (for example, $ host, $ src.ip, $ user.name) 7
The hierarchical structure of RuSIEM • Distributed event search without consolidating events into a single repository • Distributed correlation without consolidation of events • Using a multi-level model with different storage periods, its own correlation rules • Linked and unrelated levels of the model • Remote management of nodes from a single console 8
SOC Customers
Option "only SOC" • The Customer only installs nodes to collect and(or) store events • Control is carried out only from SOC • Access to client node management can be restricted to SOC personnel and only access to events is provided 10
SOC Customers Remote offices
Access to incidents, events via API • Managing the settings of the node remotely from a single console • Manage any settings remotely • Full management of incidents, symptoms, correlation rules remotely • Authentication and authorization through tokens and role model 12
Contacts: Web: https://www.rusiem.com Telegram: https://t.me/rusiem Facebook: https://www.facebook.com/rvsiem Info@support: support@rusiem.com THANK YOU FOR ATTENTION 13

Recommended

New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than EverAlienVault
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationAlienVault
 
How to create correlation rule for threat detection in RuSIEM
How to create correlation rule for threat detection in RuSIEMHow to create correlation rule for threat detection in RuSIEM
How to create correlation rule for threat detection in RuSIEMOlesya Shelestova
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAdvanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAlienVault
 
RuSIEM IT assets
RuSIEM IT assetsRuSIEM IT assets
RuSIEM IT assetsOlesya Shelestova
 
Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Florian Roth
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter HimselfSergey Soldatov
 
Ransomware Resistance
Ransomware ResistanceRansomware Resistance
Ransomware ResistanceFlorian Roth
 

Recommended

New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than EverAlienVault
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationAlienVault
 
How to create correlation rule for threat detection in RuSIEM
How to create correlation rule for threat detection in RuSIEMHow to create correlation rule for threat detection in RuSIEM
How to create correlation rule for threat detection in RuSIEMOlesya Shelestova
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAdvanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAlienVault
 
RuSIEM IT assets
RuSIEM IT assetsRuSIEM IT assets
RuSIEM IT assetsOlesya Shelestova
 
Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Florian Roth
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter HimselfSergey Soldatov
 
Ransomware Resistance
Ransomware ResistanceRansomware Resistance
Ransomware ResistanceFlorian Roth
 
A Scalable Client Authentication & Authorization Service for Container-Based ...
A Scalable Client Authentication & Authorization Service for Container-Based ...A Scalable Client Authentication & Authorization Service for Container-Based ...
A Scalable Client Authentication & Authorization Service for Container-Based ...Binu Ramakrishnan
 
Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212Florian Roth
 
Integrated Tools in OSSIM
Integrated Tools in OSSIMIntegrated Tools in OSSIM
Integrated Tools in OSSIMAlienVault
 
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-MelhaouiCSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-MelhaouiNCCOMMS
 
Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...
Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...
Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...Denis Kolegov
 
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationNguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationSecurity Bootcamp
 
Security Analyst Workshop - 20190314
Security Analyst Workshop - 20190314Security Analyst Workshop - 20190314
Security Analyst Workshop - 20190314Florian Roth
 
Fundamental of malware analysis
Fundamental of malware analysisFundamental of malware analysis
Fundamental of malware analysisSumedt Jitpukdebodin
 
OSSIM Overview
OSSIM OverviewOSSIM Overview
OSSIM Overviewn|u - The Open Security Community
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?AlienVault
 
50 Shades of Sigma
50 Shades of Sigma50 Shades of Sigma
50 Shades of SigmaFlorian Roth
 
Detection and Response Roles
Detection and Response RolesDetection and Response Roles
Detection and Response RolesFlorian Roth
 
THOR Apt Scanner
THOR Apt ScannerTHOR Apt Scanner
THOR Apt ScannerFlorian Roth
 
Solving the Open Source Security Puzzle
Solving the Open Source Security PuzzleSolving the Open Source Security Puzzle
Solving the Open Source Security PuzzleVic Hargrave
 
Content Security Policy - Lessons learned at Yahoo
Content Security Policy - Lessons learned at YahooContent Security Policy - Lessons learned at Yahoo
Content Security Policy - Lessons learned at YahooBinu Ramakrishnan
 
Хакеро-машинный интерфейс
Хакеро-машинный интерфейсХакеро-машинный интерфейс
Хакеро-машинный интерфейсPositive Hack Days
 
Continuous monitoring with OSSIM
Continuous monitoring with OSSIMContinuous monitoring with OSSIM
Continuous monitoring with OSSIMEguardian Global Services
 
Antivirus is hopeless
Antivirus is hopelessAntivirus is hopeless
Antivirus is hopelessSumedt Jitpukdebodin
 
Alien vault _policymanagement
Alien vault _policymanagementAlien vault _policymanagement
Alien vault _policymanagementMarjo'isme Yoyok
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesKim Bookout
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself Alert Logic
 
How do JavaScript frameworks impact the security of applications?
How do JavaScript frameworks impact the security of applications?How do JavaScript frameworks impact the security of applications?
How do JavaScript frameworks impact the security of applications?Ksenia Peguero
 

More Related Content

What's hot

A Scalable Client Authentication & Authorization Service for Container-Based ...
A Scalable Client Authentication & Authorization Service for Container-Based ...A Scalable Client Authentication & Authorization Service for Container-Based ...
A Scalable Client Authentication & Authorization Service for Container-Based ...Binu Ramakrishnan
 
Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212Florian Roth
 
Integrated Tools in OSSIM
Integrated Tools in OSSIMIntegrated Tools in OSSIM
Integrated Tools in OSSIMAlienVault
 
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-MelhaouiCSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-MelhaouiNCCOMMS
 
Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...
Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...
Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...Denis Kolegov
 
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationNguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationSecurity Bootcamp
 
Security Analyst Workshop - 20190314
Security Analyst Workshop - 20190314Security Analyst Workshop - 20190314
Security Analyst Workshop - 20190314Florian Roth
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?AlienVault
 
50 Shades of Sigma
50 Shades of Sigma50 Shades of Sigma
50 Shades of SigmaFlorian Roth
 
Detection and Response Roles
Detection and Response RolesDetection and Response Roles
Detection and Response RolesFlorian Roth
 
Solving the Open Source Security Puzzle
Solving the Open Source Security PuzzleSolving the Open Source Security Puzzle
Solving the Open Source Security PuzzleVic Hargrave
 
Content Security Policy - Lessons learned at Yahoo
Content Security Policy - Lessons learned at YahooContent Security Policy - Lessons learned at Yahoo
Content Security Policy - Lessons learned at YahooBinu Ramakrishnan
 
Хакеро-машинный интерфейс
Хакеро-машинный интерфейсХакеро-машинный интерфейс
Хакеро-машинный интерфейсPositive Hack Days
 
Alien vault _policymanagement
Alien vault _policymanagementAlien vault _policymanagement
Alien vault _policymanagementMarjo'isme Yoyok
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesKim Bookout
 

What's hot (20)

A Scalable Client Authentication & Authorization Service for Container-Based ...
A Scalable Client Authentication & Authorization Service for Container-Based ...A Scalable Client Authentication & Authorization Service for Container-Based ...
A Scalable Client Authentication & Authorization Service for Container-Based ...
 
Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212
 
Integrated Tools in OSSIM
Integrated Tools in OSSIMIntegrated Tools in OSSIM
Integrated Tools in OSSIM
 
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-MelhaouiCSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
 
Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...
Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...
Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...
 
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationNguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
 
Security Analyst Workshop - 20190314
Security Analyst Workshop - 20190314Security Analyst Workshop - 20190314
Security Analyst Workshop - 20190314
 
Fundamental of malware analysis
Fundamental of malware analysisFundamental of malware analysis
Fundamental of malware analysis
 
OSSIM Overview
OSSIM OverviewOSSIM Overview
OSSIM Overview
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?
 
50 Shades of Sigma
50 Shades of Sigma50 Shades of Sigma
50 Shades of Sigma
 
Detection and Response Roles
Detection and Response RolesDetection and Response Roles
Detection and Response Roles
 
THOR Apt Scanner
THOR Apt ScannerTHOR Apt Scanner
THOR Apt Scanner
 
Solving the Open Source Security Puzzle
Solving the Open Source Security PuzzleSolving the Open Source Security Puzzle
Solving the Open Source Security Puzzle
 
Content Security Policy - Lessons learned at Yahoo
Content Security Policy - Lessons learned at YahooContent Security Policy - Lessons learned at Yahoo
Content Security Policy - Lessons learned at Yahoo
 
Хакеро-машинный интерфейс
Хакеро-машинный интерфейсХакеро-машинный интерфейс
Хакеро-машинный интерфейс
 
Continuous monitoring with OSSIM
Continuous monitoring with OSSIMContinuous monitoring with OSSIM
Continuous monitoring with OSSIM
 
Antivirus is hopeless
Antivirus is hopelessAntivirus is hopeless
Antivirus is hopeless
 
Alien vault _policymanagement
Alien vault _policymanagementAlien vault _policymanagement
Alien vault _policymanagement
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challenges
 

Similar to RuSIEM vs SOC (En)

CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself Alert Logic
 
How do JavaScript frameworks impact the security of applications?
How do JavaScript frameworks impact the security of applications?How do JavaScript frameworks impact the security of applications?
How do JavaScript frameworks impact the security of applications?Ksenia Peguero
 
RuSIEM overview (english version)
RuSIEM overview (english version)RuSIEM overview (english version)
RuSIEM overview (english version)Olesya Shelestova
 
Presentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraPresentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraRogerChaucaZea
 
Server-side JS with NodeJS
Server-side JS with NodeJSServer-side JS with NodeJS
Server-side JS with NodeJSLilia Sfaxi
 
Kubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy AgentKubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy AgentCloudOps2005
 
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...Positive Hack Days
 
CCNA-Open-Platform-IoT
CCNA-Open-Platform-IoTCCNA-Open-Platform-IoT
CCNA-Open-Platform-IoTMichael Koster
 
Open Horizontal Platform - Web Scale Interoperability for the Internet of Thi...
Open Horizontal Platform - Web Scale Interoperability for the Internet of Thi...Open Horizontal Platform - Web Scale Interoperability for the Internet of Thi...
Open Horizontal Platform - Web Scale Interoperability for the Internet of Thi...Michael Koster
 
Open Horizontal Platform - Web Scale Interoperability for IoT - CCNA 2013
Open Horizontal Platform - Web Scale Interoperability for IoT - CCNA 2013Open Horizontal Platform - Web Scale Interoperability for IoT - CCNA 2013
Open Horizontal Platform - Web Scale Interoperability for IoT - CCNA 2013Michael Koster
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...Vincent Giersch
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXCisco Canada
 
Real World Event Sourcing and CQRS
Real World Event Sourcing and CQRSReal World Event Sourcing and CQRS
Real World Event Sourcing and CQRSMatthew Hawkins
 
Dallas Mulesoft Meetup - Log Aggregation and Elastic Stack on Anypoint Platform
Dallas Mulesoft Meetup - Log Aggregation and Elastic Stack on Anypoint PlatformDallas Mulesoft Meetup - Log Aggregation and Elastic Stack on Anypoint Platform
Dallas Mulesoft Meetup - Log Aggregation and Elastic Stack on Anypoint PlatformAdam DesJardin
 
Ladies Be Architects: Integration Study Group: Security & State Management
Ladies Be Architects: Integration Study Group: Security & State ManagementLadies Be Architects: Integration Study Group: Security & State Management
Ladies Be Architects: Integration Study Group: Security & State Managementgemziebeth
 
Openstack security presentation 2013
Openstack security presentation 2013Openstack security presentation 2013
Openstack security presentation 2013brian_chong
 

Similar to RuSIEM vs SOC (En) (20)

CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
 
How do JavaScript frameworks impact the security of applications?
How do JavaScript frameworks impact the security of applications?How do JavaScript frameworks impact the security of applications?
How do JavaScript frameworks impact the security of applications?
 
RuSIEM overview (english version)
RuSIEM overview (english version)RuSIEM overview (english version)
RuSIEM overview (english version)
 
Presentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraPresentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion segura
 
Server-side JS with NodeJS
Server-side JS with NodeJSServer-side JS with NodeJS
Server-side JS with NodeJS
 
Firewalls
FirewallsFirewalls
Firewalls
 
Sophos XG Firewall
Sophos XG FirewallSophos XG Firewall
Sophos XG Firewall
 
Kubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy AgentKubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy Agent
 
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
 
CCNA-Open-Platform-IoT
CCNA-Open-Platform-IoTCCNA-Open-Platform-IoT
CCNA-Open-Platform-IoT
 
Open Horizontal Platform - Web Scale Interoperability for the Internet of Thi...
Open Horizontal Platform - Web Scale Interoperability for the Internet of Thi...Open Horizontal Platform - Web Scale Interoperability for the Internet of Thi...
Open Horizontal Platform - Web Scale Interoperability for the Internet of Thi...
 
Open Horizontal Platform - Web Scale Interoperability for IoT - CCNA 2013
Open Horizontal Platform - Web Scale Interoperability for IoT - CCNA 2013Open Horizontal Platform - Web Scale Interoperability for IoT - CCNA 2013
Open Horizontal Platform - Web Scale Interoperability for IoT - CCNA 2013
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 
HTML5 - The Promise & The Peril
HTML5 - The Promise & The PerilHTML5 - The Promise & The Peril
HTML5 - The Promise & The Peril
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CX
 
Real World Event Sourcing and CQRS
Real World Event Sourcing and CQRSReal World Event Sourcing and CQRS
Real World Event Sourcing and CQRS
 
Dallas Mulesoft Meetup - Log Aggregation and Elastic Stack on Anypoint Platform
Dallas Mulesoft Meetup - Log Aggregation and Elastic Stack on Anypoint PlatformDallas Mulesoft Meetup - Log Aggregation and Elastic Stack on Anypoint Platform
Dallas Mulesoft Meetup - Log Aggregation and Elastic Stack on Anypoint Platform
 
Ladies Be Architects: Integration Study Group: Security & State Management
Ladies Be Architects: Integration Study Group: Security & State ManagementLadies Be Architects: Integration Study Group: Security & State Management
Ladies Be Architects: Integration Study Group: Security & State Management
 
Openstack security presentation 2013
Openstack security presentation 2013Openstack security presentation 2013
Openstack security presentation 2013
 

More from Olesya Shelestova

Руководство по формату событий для разработчиков
Руководство по формату событий для разработчиковРуководство по формату событий для разработчиков
Руководство по формату событий для разработчиковOlesya Shelestova
 
RuSiem events collection and forwarding
RuSiem events collection and forwardingRuSiem events collection and forwarding
RuSiem events collection and forwardingOlesya Shelestova
 
From SIEM to Business processes
From SIEM to Business processesFrom SIEM to Business processes
From SIEM to Business processesOlesya Shelestova
 
SIEM use cases - как их написать
SIEM use cases - как их написатьSIEM use cases - как их написать
SIEM use cases - как их написатьOlesya Shelestova
 
Корреляция в SIEM системах
Корреляция в SIEM системахКорреляция в SIEM системах
Корреляция в SIEM системахOlesya Shelestova
 
RuSIEM. Потребители. Состав продукта. Отличия. Применение.
RuSIEM. Потребители. Состав продукта. Отличия. Применение.RuSIEM. Потребители. Состав продукта. Отличия. Применение.
RuSIEM. Потребители. Состав продукта. Отличия. Применение.Olesya Shelestova
 
автоматизируем пентест Wifi сети
автоматизируем пентест Wifi сетиавтоматизируем пентест Wifi сети
автоматизируем пентест Wifi сетиOlesya Shelestova
 

More from Olesya Shelestova (15)

Руководство по формату событий для разработчиков
Руководство по формату событий для разработчиковРуководство по формату событий для разработчиков
Руководство по формату событий для разработчиков
 
RuSIEM vs SOC (Rus)
RuSIEM vs SOC (Rus)RuSIEM vs SOC (Rus)
RuSIEM vs SOC (Rus)
 
RuSiem events collection and forwarding
RuSiem events collection and forwardingRuSiem events collection and forwarding
RuSiem events collection and forwarding
 
From SIEM to Business processes
From SIEM to Business processesFrom SIEM to Business processes
From SIEM to Business processes
 
Deploy RvSIEM (eng)
Deploy RvSIEM (eng)Deploy RvSIEM (eng)
Deploy RvSIEM (eng)
 
Free RvSIEM. Intro (Rus)
Free RvSIEM. Intro (Rus)Free RvSIEM. Intro (Rus)
Free RvSIEM. Intro (Rus)
 
Rusiem 2017_обзор
Rusiem 2017_обзорRusiem 2017_обзор
Rusiem 2017_обзор
 
SIEM use cases - как их написать
SIEM use cases - как их написатьSIEM use cases - как их написать
SIEM use cases - как их написать
 
Корреляция в SIEM системах
Корреляция в SIEM системахКорреляция в SIEM системах
Корреляция в SIEM системах
 
SIEM для ИТ
SIEM для ИТSIEM для ИТ
SIEM для ИТ
 
RuSIEM. Потребители. Состав продукта. Отличия. Применение.
RuSIEM. Потребители. Состав продукта. Отличия. Применение.RuSIEM. Потребители. Состав продукта. Отличия. Применение.
RuSIEM. Потребители. Состав продукта. Отличия. Применение.
 
RuSIEM 2016
RuSIEM 2016RuSIEM 2016
RuSIEM 2016
 
RuSIEM (15.11.2015)
RuSIEM (15.11.2015)RuSIEM (15.11.2015)
RuSIEM (15.11.2015)
 
RuSIEM
RuSIEMRuSIEM
RuSIEM
 
автоматизируем пентест Wifi сети
автоматизируем пентест Wifi сетиавтоматизируем пентест Wifi сети
автоматизируем пентест Wifi сети
 

Recently uploaded

Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfLivetecs LLC
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....kzayra69
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 

Recently uploaded (20)

Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdf
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 

RuSIEM vs SOC (En)

  • 2. Existing methods in the current versions • Forwarding events by Syslog (TLS) to all, by filter or criticality • Notification by e-mail according to the correlation rule • Formation and sending of events when triggered the correlation rule • Running the script and the script in correlation • The hierarchical structure of RuSIEM • The "only SOC" option with the installation of collectors or storage nodes on the Customer's side with management of SOC operators • Access to incidents, events via RuSIEM API 3
  • 3. Forwarding events by Syslog • Plain text or Syslog TLS • All or by filter (field, host, source, criticality, etc.) • Filtered events with RuSIEM symptomatic ® • Format: RAW, normalized, CEF 4
  • 4. Notification by e-mail • Users, groups and any external e-mail addresses • Indicated individually in each correlation rule 5
  • 5. Formation and sending of events when triggered correlation rule • The text of the event is indicated individually in each correlation rule • By default, notifications are used for system users (by group / user / role) 6
  • 6. Run script / script in correlation • Local execution of the script / command individually specified for the correlation rule • Content of the script - any of your content • When the correlation rule is triggered • The transfer of variables with correlation is supported (for example, $ host, $ src.ip, $ user.name) 7
  • 7. The hierarchical structure of RuSIEM • Distributed event search without consolidating events into a single repository • Distributed correlation without consolidation of events • Using a multi-level model with different storage periods, its own correlation rules • Linked and unrelated levels of the model • Remote management of nodes from a single console 8
  • 9. Option "only SOC" • The Customer only installs nodes to collect and(or) store events • Control is carried out only from SOC • Access to client node management can be restricted to SOC personnel and only access to events is provided 10
  • 11. Access to incidents, events via API • Managing the settings of the node remotely from a single console • Manage any settings remotely • Full management of incidents, symptoms, correlation rules remotely • Authentication and authorization through tokens and role model 12
  • 12. Contacts: Web: https://www.rusiem.com Telegram: https://t.me/rusiem Facebook: https://www.facebook.com/rvsiem Info@support: support@rusiem.com THANK YOU FOR ATTENTION 13