Pack Documentation
Logsign Next-Gen SIEM provides comprehensive visibility and control of your data lake. It allows security analysts to collect and store unlimited data, to investigate and detect threats, and to respond to them automatically.
Use Cases
Once implemented, a SIEM solution becomes a vital component of an enterprise security strategy, and as a result it caters to a large number of use cases. A security team does not know what it will face next. With the increasing number of endpoint devices and growing reliance on cloud-based services, the potential attack surface is expanding. Considering these factors, it becomes difficult for security teams to keep track of events happening across an enterprise network.
We equip enterprise security operations teams with smart SIEM and SOAR tools that improve workforce efficiency and provide better, accelerated investigations and responses.
- Advanced Threat Detection: Detection of internal and external threats in real time; mitigation and eradication of threats are extensively handled.
- Threat Hunting: Logsign SIEM proactively detects insider threats or outside attackers and quickly responds to any suspicious behavior.
- Security Analytics and Visualization: You cannot manage what you can't see. Logsign focuses on security big data analytics and visualizes the outcomes on dashboards and reports to provide understandable results.
- SOC Management: SIEM products are located at the center of SOC operations and tools. They are strictly required for real-time detection of alerts, detailed investigation, analysis, threat hunting and response.
- Centralized Log Management: Logsign SIEM collects and stores data by integrating with all data sources, and it analyzes all data in one central platform.
What does this pack do?
This content pack is used to fetch incident logs, perform detailed investigation on the data lake, and find threats and anomalies so that they can be responded to in real time.
Using the Logsign SIEM integration, you can fetch Logsign incident columns, such as:
- The name of the alert
- The action object of the alert
- Related alerts information
- The objects that make up the alert, such as the IP address, hashes, user names, etc.
The Logsign integration also enables you to run drill-down searches to retrieve additional data from Logsign, such as:
- Information about event columns (IP address, ports, geolocation, behaviors, event category, etc.)
- Event-based counts for an incident