SIEM

Security Information and Event Management (SIEM) is an IT security tool that is used to collect, store and analyze large volumes of log data from all sources in the enterprise. It is used to take advantage of each of these data (collected) to identify and analyze, from a platform, the events and/or incidents that may take place on the company’s computer network. In the event of suspicious events or identified incidents, alerts are generated to facilitate their support.

Discover our SOC platform

How a Security Information and Event Management works?

A SIEM combines two main functions. Firstly, it collects from a multitude of agents the logs and log data generated by the security equipment (firewall, antivirus or anti-intrusion) but also company host systems, servers, network equipment. Then, it centralizes all this data within a unified and established console, on the rule base, a diagnosis. When an alert is raised due to malicious activity, it assesses according to pre-established rules its level of severity / prioritization in the management of incidents by the SOC team.

Which SIEM to choose for a SOC?

Faced with the rise of ransomware attacks and the emergence of advanced and persistent threats (APT), SOC teams in charge of the IT security of SMEs and large groups can no longer afford to restrict their activities to use of SIEM tools. These tools for collecting and managing security events show different limitations such as:

Overwhelming its SOC with a large flow of false positives, sometimes encouraging them to lower the level of vigilance on the most critical threats.
Increase the workload of its team of analysts, especially since it must make an investigation effort around non-contextualized alerts (because they come from uncorrelated sources).

For profiles evolving to the position of SOC, RSSI, CISO manager, the adoption of a SIEM tool can be a source of anxiety due to the lack of visibility on the cost that its deployment would represent. The volume of data to be collected being very fluctuating, they may be forced to make a choice between security and data because of invoicing which can very quickly climb following a peak of unpredictable events.

Discover our SOC platform

At SEKOIA, we offer you the use of our XDR solution. Here, the pricing is predictive because it is established according to the computer park to be supervised and not the data to be collected.

Our solution brings together from a unified console, the power of a SIEM, the agility of SaaS and the efficiency of a SOAR, driven by already operational intelligence.

It saves your analysts time and efficiency. Integrating our CTI flow with your cybersecurity tools via an API allows them to be operational from the first minutes of deployment of our XDR in your infrastructure. They can carry out actions with real added value, such as carrying out investigations around the alerts raised by our detection rules. Each triggered alert is enriched by combining detection rules based on TTPs, behavioral approach to threats and SIGMA correlation engine in order to reduce their investigation efforts.

Moreover, once the connectors have been made, our XDR solution does not just monitor current or future logs as, for example, an EDR. It also takes into account your old logs (if they existed of course). In case there is an existing threat, an alert is raised so that it can be processed by your analysts and/or blocked by your security tools.

Discover our SOC platform

If you already have a SIEM tool and you are hesitant to adopt a tool XDR for various reasons (such as the fear of a long and costly deployment) we invite you to consult this page dedicated to the use cases of our SEKOIA.IO XDR solution. At the same time, we discuss the integration facilities offered by our solution.

Discover the definition of: Cyber Threat Intelligence (CTI), Extended Detection and Response (XDR), Endpoint detection and Response (EDR), CSIRT, CERT.

We are a cybersecurity software publisher. We provide SOC and MSSP teams with a turnkey operational security platform (SOC platform). Through our XDR platform, CTI tool and threat intelligence platform, we enable our users to neutralize cyber threats, regardless of the attack surface.

Others Terms

Others Terms

SOC(Security Operations Center)

Security Operations Center (SOC) is an organizational structure dedicated to the implementation of all the security operations of an organization against cyberattacks. These actions include the supervision and protection of an organization’s information system (workstations, networks, website, applications, databases, etc.)

XDR(eXtended Detection & Response)

XDR (eXtended Detection & Response) designates a holistic approach to cybersecurity operational. It stands out for its ability to consolidate and automate on a unified SaaS platform all data, analyzes and responses to cyber threats, regardless of their origin, supplier or specialization.

Échangez avec l’équipe

Vous souhaitez en savoir plus sur nos solutions de protection ?
Vous voulez découvrir nos produits de XDR et de CTI ?
Vous avez un projet de cybersécurité dans votre organisation ?
Prenez rendez-vous et rencontrons-nous !

Contactez-nous

Chat with our team !

Would you like to know more about our solutions ?
Do you want to discover our XDR and CTI products ?
Do you have a cyber security project in your organization ?
Make an appointment and meet us !

Contact us

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
pll_language	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_152945562_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
Inbound Converter	2 ans	This script communicates back to TechTarget which accounts, based on reverse IP lookup, have visited this website. The information that is transmitted includes: URL of page landed on, Timestamp of visit, IP Address
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-others	1 year	No description
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.