SIEM Technology

SIEM Correlation Engine

The AlienVault SIEM Correlation Engine is where the deluge of raw event data is turned into actionable alerts.

The Correlation Engine leverages rules created by the AlienVault Labs research team to identify attack patterns and malicious behavior. When trying to penetrate a system, attackers often take advantage of the fact that security controls rarely work together and are rarely monitored. The AlienVault Correlation Engine automates that cross-control analysis so that attacks can be quickly identified and breaches can be quickly contained.

SIEM Log Management

The AlienVault Logger performs a simple but critical task: it forensically stores all of the logs an organization produces. Beyond the numerous compliance obligations to retain raw log data, full visibility into the historical record is important for forensic purposes. The AlienVault Logger provides this capability and is fully integrated into the AlienVault Console, giving seamless access to historical log data from the same user interface used for SIEM incident management.

Extending SIEM Visibility

The AlienVault agent extends the security team's visibility to the endpoint. Agents often bring management overhead and a complicated deployment burden; the AlienVault agent, however, can be managed, updated, configured, and deployed from within the AlienVault Console.

Having visibility into behavior at the endpoint (or host level) provides critical context for the activity observed at the network level. Knowing which software actually handled a request, and what the ultimate effect on the host was, gives full visibility into the impact of the events observed at the firewall, load balancer, router, and IDS.
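As an added example (not AlienVault code), the cross-control correlation described in the Correlation Engine section and the network-plus-endpoint context described above, reduced to one hypothetical rule in Python: an IDS alert and an endpoint agent event on the same host within a short window become a single alert carrying both pieces of evidence. The event fields, rule format and sample events are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events from two separate controls (not real telemetry).
EVENTS = [
    {"ts": "2024-01-01T10:00:00", "source": "ids", "host": "10.0.0.5",
     "detail": "exploit attempt against web server"},
    {"ts": "2024-01-01T10:00:20", "source": "endpoint", "host": "10.0.0.5",
     "detail": "httpd spawned /bin/sh"},
    {"ts": "2024-01-01T10:05:00", "source": "ids", "host": "10.0.0.9",
     "detail": "port sweep"},
    {"ts": "2024-01-01T11:00:00", "source": "endpoint", "host": "10.0.0.9",
     "detail": "cron spawned /bin/sh"},
]

# Hypothetical rule: an endpoint event must follow an IDS event on the same
# host within the window for the pair to be promoted to an alert.
RULE = {
    "name": "network exploit followed by host shell",
    "first": "ids",
    "then": "endpoint",
    "window": timedelta(seconds=60),
}


def correlate(events, rule):
    """Return one alert per matching (first, then) event pair on the same host."""
    events = sorted(events, key=lambda e: e["ts"])
    alerts = []
    for i, first in enumerate(events):
        if first["source"] != rule["first"]:
            continue
        t0 = datetime.fromisoformat(first["ts"])
        for later in events[i + 1:]:
            t1 = datetime.fromisoformat(later["ts"])
            if t1 - t0 > rule["window"]:
                break  # events are sorted, so nothing later can match
            if later["source"] == rule["then"] and later["host"] == first["host"]:
                alerts.append({"rule": rule["name"], "host": first["host"],
                               "evidence": [first, later]})
                break
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS, RULE):
        print(alert["rule"], "on", alert["host"])
```

The second host's IDS and endpoint events are 55 minutes apart, so in isolation neither produces an alert; only the first host's pair is raised.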

The SIEM Console

The value of combining the five critical security capabilities that the AlienVault USM Platform includes is fully appreciated when using the AlienVault Console. The AlienVault Console not only provides visibility into the security of your system as a whole, it also provides centralized management and configuration of the security controls essential to that visibility. This allows our security experts to spend more time doing what we need them to do: securing our systems, not managing their tools.

The AlienVault Console provides a complete risk dashboard, allowing end users to create monitoring stations that show real-time information on events and alerts throughout the network. Both the content and its display are highly configurable, so each user can easily monitor the data they need to see in a manner that is convenient for them.