Defensys SIEM 2.0: security event management system gets major update

23/01/2025

The developer has added a correlation rules builder to Defensys SIEM 2.0. It enables interactive creation and modification of correlation rules without using the code editor. The visual interface and step-by-step process visualization make it easier for analysts to create the rules they need.

The changes have also affected elements of the event processing pipeline. Defensys experts have added the main metrics (“number of errors”, “received and sent events”) to the pipeline interface. Metrics for each element are now visible at a glance, without drilling down into details. The new feature helps to identify potential errors faster and minimize the loss of incoming events.

The vendor has also added to the release a WMI-type entry point that collects Windows logs from endpoints, servers, and WEC (Windows Event Collector). The update allows users to configure a single entry point to collect multiple logs, making source configuration easier for engineers.

Defensys SIEM 2.0 now has a “query manager” section designed to collect and store information about user queries to the event repository made in the “search”, “RQL sandbox”, and “dashboard” sections. In the new section, analysts can work with the query execution history and manage resources. For example, they can view queries executed in dashboards and alerts and monitor which queries load the repository. In addition, a resource management service has been introduced. It allows users to set memory consumption limits for executing RQL queries for different user roles. The new features allow administrators to improve the system’s high availability.

“The accumulated experience of working with customers allows us to clearly define the vector of product development. By analyzing customer needs during projects, we transform the Defensys SIEM to meet high market demands. As a result, we create solutions that meet current needs and anticipate future customer demands, providing them with a stable foundation for improving their cybersecurity,” commented Andrey Chechetkin, Defensys CEO. “This update is an important milestone in the evolution of the Defensys SIEM. We are shifting our focus from accumulating functionality to improving the quality of user experience. Our team will focus on improving analytics and data visualization tools, as well as reducing Time-to-Value so that our users can get the most out of the product faster.”

Furthermore, the release makes analysts’ work more practical and faster thanks to the following changes:

  • The “events” section has been converted to “search”

The developer has added the ability to search active lists in this section and in the RQL sandbox. Event fields that satisfy the RQL query filter are highlighted in the “search” section.

  • New “statistics” mode

The software has a new “statistics” mode, which makes it possible to analyze the data in all fields of the list of found records and events. The developer has worked on the ranking of values: the mode allows users to manage sorting and immediately shows statistics by field. Moreover, with the “statistics” mode analysts can work with statistics on several attributes simultaneously, which significantly speeds up an analyst’s immersion into the data.

  • New widgets

The product now includes widgets on alerts and on the new system metrics. Defensys SIEM 2.0 has three-dimensional histograms and the ability to build widgets based on data from active lists.

About Defensys

Defensys is a vendor of cybersecurity solutions. Since 2011, we have been helping government agencies and private-sector companies to confidently withstand modern cyber threats and ensure reliable security management worldwide.

Defensys technologies are embedded in financial, public, oil and gas, energy, metal industry, and other sectors.