Big data-powered, instantaneous alerting that covers complex situations! nuSIEM’s capability to handle complex rules at high volume EPS (events per second) ensures its customers receive real-time actionable alerts delivered to their inbox, ticketing system, or text, and viewable in nuSIEM’s historical alert reporting. nuSIEM offers five-layered strategies backed by configuration support from security engineers for comprehensive alerting.
Preconfigured Base Alerts
Hundreds of alerts covering everything from system events, device up/down status, web surfing, IPS, application control and more. Quickly select the alerts needed on a daily basis. Custom alerts are available to enable users to create any alert necessary.
Intelligent/Correlated Event Alerts
Preconfigured alerts are offered that identify related events combined with time conditions. Examples of alerts this service can create: an interface must be down for more than 30 seconds before an alert is issued, which suppresses noise from a flapping VPN link; five bad login events on the sslvpn within the last three minutes; and IPS events linked to blocked website access from the same host within the last five minutes.
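The three correlation patterns described above (a duration rule that suppresses short flaps, a count-in-window rule, and a sequence rule keyed on the same host) are implemented below as an added illustration. This is example code, not nuSIEM's engine; the event field names (type, host, user, iface) and the sample events are constructed, while the 30-second, five-in-three-minutes and five-minute windows are the ones named in the text.

```python
"""Windowed correlation rules over constructed, already-normalized log events.
Example code, not Nuspire's: field names and events below are constructed."""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events (oldest first). Not real logs.
EVENTS = [
    {"ts": "2024-01-01T10:00:00", "host": "fw1", "type": "sslvpn_login_failed", "user": "bob"},
    {"ts": "2024-01-01T10:00:20", "host": "fw1", "type": "sslvpn_login_failed", "user": "bob"},
    {"ts": "2024-01-01T10:00:40", "host": "fw1", "type": "sslvpn_login_failed", "user": "bob"},
    {"ts": "2024-01-01T10:01:00", "host": "fw1", "type": "sslvpn_login_failed", "user": "bob"},
    {"ts": "2024-01-01T10:01:30", "host": "fw1", "type": "sslvpn_login_failed", "user": "bob"},
    {"ts": "2024-01-01T10:02:00", "host": "fw1", "type": "if_down", "iface": "wan2"},
    {"ts": "2024-01-01T10:02:10", "host": "fw1", "type": "if_up", "iface": "wan2"},    # 10 s flap
    {"ts": "2024-01-01T10:03:00", "host": "fw1", "type": "if_down", "iface": "wan1"},
    {"ts": "2024-01-01T10:03:45", "host": "fw1", "type": "if_up", "iface": "wan1"},    # 45 s outage
    {"ts": "2024-01-01T10:05:00", "host": "10.0.0.7", "type": "ips_alert", "sig": "constructed-sig"},
    {"ts": "2024-01-01T10:07:00", "host": "10.0.0.7", "type": "web_blocked", "url": "example.invalid"},
    {"ts": "2024-01-01T10:20:00", "host": "10.0.0.9", "type": "web_blocked", "url": "example.invalid"},
]

def parse_ts(s):
    return datetime.fromisoformat(s)

def threshold_rule(events, etype, key, count, window_s):
    """Alert when `count` events of `etype` with the same `key` fall within `window_s` seconds."""
    recent = defaultdict(deque)
    alerts = []
    for e in events:
        if e["type"] != etype:
            continue
        t = parse_ts(e["ts"])
        q = recent[e[key]]
        q.append(t)
        while q and (t - q[0]).total_seconds() > window_s:   # slide the window
            q.popleft()
        if len(q) >= count:
            alerts.append((e[key], t))
            q.clear()                                         # one alert per burst
    return alerts

def duration_rule(events, down_type, up_type, key, min_down_s, now):
    """Alert only when a `down_type` is not cleared by `up_type` within `min_down_s`.
    Short flaps are suppressed; an interface still down at `now` for longer also alerts."""
    down_since = {}
    alerts = []
    for e in events:
        if e["type"] not in (down_type, up_type):
            continue
        k = (e["host"], e[key])
        t = parse_ts(e["ts"])
        if e["type"] == down_type:
            down_since.setdefault(k, t)                       # keep the earliest down
        elif k in down_since:
            if (t - down_since.pop(k)).total_seconds() > min_down_s:
                alerts.append(k)
    for k, t in down_since.items():                           # never came back up
        if (now - t).total_seconds() > min_down_s:
            alerts.append(k)
    return alerts

def sequence_rule(events, first_type, second_type, key, window_s):
    """Alert when `second_type` follows `first_type` for the same `key` within `window_s`."""
    last_first = {}
    alerts = []
    for e in events:
        t = parse_ts(e["ts"])
        if e["type"] == first_type:
            last_first[e[key]] = t
        elif e["type"] == second_type and e[key] in last_first:
            if (t - last_first[e[key]]).total_seconds() <= window_s:
                alerts.append((e[key], t))
    return alerts

def run_all(events, now):
    """Evaluate the three rules from the text against one event stream."""
    return {
        "sslvpn_bruteforce": threshold_rule(events, "sslvpn_login_failed", "user", 5, 3 * 60),
        "iface_down": duration_rule(events, "if_down", "if_up", "iface", 30, now),
        "ips_then_blocked": sequence_rule(events, "ips_alert", "web_blocked", "host", 5 * 60),
    }

if __name__ == "__main__":
    for name, hits in run_all(EVENTS, parse_ts("2024-01-01T10:30:00")).items():
        print(name, hits)
```

A production engine evaluates these incrementally as events arrive rather than over a list, but the state each rule keeps (a per-key deque, a per-interface down timestamp, a per-host last-seen time) is the same, which is what makes such rules cheap at high EPS.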
Artificial Intelligence/Trend-based Alerts
Understanding log data baselines and any departure from them is a critical monitoring component. Using Nuspire's cloud-based, big data architecture, time spans of log data are normalized and compared to short and long-term baselines. As an example, nuSIEM can identify changes to items such as session counts, DNS, SMTP and bandwidth.
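To make the baseline idea concrete, here is an added example (not Nuspire's code) that scores the newest bucket of a normalized per-hour series against a short-term and a long-term baseline and alerts only when both disagree with it. The DNS query counts are constructed, and the window sizes and threshold are assumptions, not values from the page.

```python
"""Baseline-deviation alerting over a normalized time series.
Example code, not Nuspire's; the data below is constructed."""
import statistics

# Constructed hourly DNS query counts for one host (oldest first).
# The final bucket is a spike that should trip both baselines.
DNS_PER_HOUR = [410, 395, 430, 420, 405, 415, 440, 425, 400, 435, 410, 420,
                415, 430, 405, 425, 410, 420, 435, 415, 400, 430, 420, 3900]

def baseline(series):
    """Median and MAD of a series: robust to the odd outlier already in history."""
    med = statistics.median(series)
    mad = statistics.median(abs(x - med) for x in series) or 1.0  # avoid division by zero
    return med, mad

def deviation(value, series):
    """Robust z-score of `value` against `series` (1.4826 scales MAD to one sigma)."""
    med, mad = baseline(series)
    return (value - med) / (1.4826 * mad)

def trend_alert(series, short=6, threshold=5.0):
    """Return (alert, short_z, long_z) for the newest bucket.
    Short-term baseline: the `short` buckets before it; long-term: all prior buckets.
    Requiring both to exceed `threshold` avoids alerting on a level shift the
    short baseline has already absorbed, or on one noisy hour in long history."""
    *history, current = series
    short_z = deviation(current, history[-short:])
    long_z = deviation(current, history)
    return (abs(short_z) > threshold and abs(long_z) > threshold, short_z, long_z)

if __name__ == "__main__":
    alert, sz, lz = trend_alert(DNS_PER_HOUR)
    print(f"alert={alert} short_z={sz:.1f} long_z={lz:.1f}")
```

Session counts, SMTP volume or bandwidth per host drop into the same function once they are bucketed the same way; only the series changes.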
Mix and match criteria across a huge amount of normalized fields to create complex alerting scenarios with advanced filtering. Apply time-based notification throttling to build incredibly advanced cyber-situational awareness with actionable alerts.
Social Threat Intelligence
Apply social and open source threat intelligence against incoming logs to alert upon IoCs (Indicators of Compromise). nuSIEM can identify both network communications as well as malware within files on Windows and Linux systems when using nuSIEM’s FIM (File Integrity Monitor). Consider also CTM for the most advanced Cyber Threat Intelligence available.
Build alerting strategies such as Silver, Gold, and Platinum service levels defined in alert templates, or alert templates based on customers and device types. Apply alert templates to devices as you provision them to ensure devices are always being monitored and are not forgotten by mistake. Quickly make large changes to alerting strategies with minimal time and effort.