25/12/2024
Defensys has presented a new version of its flagship product, Defensys SIEM 1.8, with extended functionality. The release adds auditing of cyber event sources for quick identification and elimination of problems, Kubernetes performance monitoring to minimize the risk of failures, and faster user authentication via the LDAP protocol.
A new level of event source management
In the new version of Defensys SIEM, users can track the status of the sources that send events to collectors. The status is assessed from the quantity and quality of the received events, which makes it possible to detect anomalies.
For this purpose, the system provides customizable source auditing policies. They track changes in the event pipeline and send notifications via configured integrations when specified threshold values are reached.
Timeliness and completeness of incoming events are crucial for SOC operation. That is why the developer has added source control metrics that help to promptly detect and eliminate possible problems, such as missing events from one of the sources.
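As an added illustration (not Defensys code), the following shows how a source audit policy of this kind can be evaluated: per-source event volume and parse quality over a recent window, a silence threshold for sources that stop sending, and threshold breaches turned into notification lines. The event tuple format, source names, thresholds and sample batch are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample batch (hypothetical format): (timestamp, source, parsed_ok).
NOW = datetime(2024, 12, 25, 12, 0, 0)
SAMPLE_EVENTS = (
    [(NOW - timedelta(minutes=m), "fw-edge", True) for m in range(0, 60, 2)]        # steady feed
    + [(NOW - timedelta(minutes=m), "dc-01", m % 3 != 0) for m in range(0, 60, 5)]  # a third fail parsing
    + [(NOW - timedelta(minutes=m), "web-proxy", True) for m in range(45, 60)]      # went quiet 45 min ago
)


def audit_sources(events, expected_sources, now, window=timedelta(minutes=30),
                  min_events=5, max_unparsed_ratio=0.25, silence_after=timedelta(minutes=15)):
    """Assess each expected source from the last `window` of events.

    Returns {source: (status, events_in_window)} where status is one of
    "ok", "low_volume" (quantity below threshold), "low_quality"
    (too many events the collector could not parse) or "silent"
    (nothing received for longer than `silence_after`, or never).
    """
    counts, bad, last_seen = defaultdict(int), defaultdict(int), {}
    for ts, src, parsed_ok in events:
        last_seen[src] = max(ts, last_seen.get(src, ts))
        if ts >= now - window:
            counts[src] += 1
            if not parsed_ok:
                bad[src] += 1
    report = {}
    for src in expected_sources:
        seen = last_seen.get(src)
        if seen is None or now - seen > silence_after:
            report[src] = ("silent", counts[src])
        elif counts[src] < min_events:
            report[src] = ("low_volume", counts[src])
        elif bad[src] / counts[src] > max_unparsed_ratio:
            report[src] = ("low_quality", counts[src])
        else:
            report[src] = ("ok", counts[src])
    return report


def alerts(report):
    """Notification lines for every source whose status crossed a threshold."""
    return [f"source {s}: {st} ({n} events in window)"
            for s, (st, n) in report.items() if st != "ok"]


if __name__ == "__main__":
    for line in alerts(audit_sources(SAMPLE_EVENTS, ["fw-edge", "dc-01", "web-proxy", "vpn-gw"], NOW)):
        print(line)
```

A source that is "silent" here is exactly the blind spot the text describes: no events means no detections from that part of the infrastructure, so it deserves a notification just as much as a correlation hit would.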
Kubernetes performance monitoring
The condition of all SIEM components must be monitored carefully to ensure smooth operation of the system. Defensys applies state-of-the-art approaches and technologies, including Kubernetes. A dedicated “Monitoring” section has been added to Defensys SIEM that lets users follow the status of the Kubernetes cluster.
In this section, users can find detailed information about containers, nodes, system modules and other cluster components. Visual monitoring tools help analysts closely follow cluster status and resource utilization, and all necessary metrics can be collected centrally with any convenient external tool.
Integration with directory systems
Starting with version 1.8, the system supports authorization against Active Directory, FreeIPA and OpenLDAP domains via LDAP (Lightweight Directory Access Protocol). LDAP is an effective tool for centralized management of both individual domain users and domain groups. It can be used for:
User authentication against external directory services;
Synchronization of user data, including login, full name, job title, status, e-mail and phone number;
Management of roles and permissions for users imported from external directories.
Implementing LDAP connections significantly reduces the time required for user authentication and makes it possible to set up a role model in the system.
Basic functionality improvement in the Defensys SIEM 1.8
The developer has extended the basic functionality of Defensys SIEM with two new features:
1. Dashboard export and import. Users can now export and import dashboards in JSON format. This allows users to easily import ready-to-use dashboard templates and apply them as content, which noticeably simplifies analysts’ work.
2. Message templates for SMTP integration. When setting up notifications via the SMTP integration, users can use in message templates the fields of the notification or correlation events that triggered the notification. This allows custom templates to be created for different tasks and integration purposes.
These improvements make working with the system more productive, allowing analysts to focus on analyzing data rather than on routine tasks.
“We are actively deepening our expertise and developing the Defensys SIEM functionality according to the market needs. Currently, the expertise package already supports more than 100 event sources and contains more than 350 correlation rules. These tools allow us to effectively identify the main attack areas and cover a major part of infrastructure without additional customization. Our goal is to offer our customers a product that efficiently and securely fulfills their daily tasks,” commented Andrey Chechetkin, Defensys CEO.