Energy Logserver with the SIEM plan is a powerful tool that detects, alerts on and indicates threats within the IT architecture. It has an advanced internal incident severity calculation system. This means that the Energy Logserver SIEM not only detects incidents, but can also analyze them in terms of priority.

Do you want to know about suspicious activities in your infrastructure? We detect, among others, hacking attempts, anomalies, misconfigured applications and unauthorized user actions.

Thanks to a large database of predefined correlation and visualization rules, we enable you to start working with your SIEM plan immediately.

Log Analysis
Strong integration with various data sources provides the necessary monitoring and response capabilities. The ELS SIEM plan will help you collect, aggregate, index and analyze security data.
Energy Logserver with the SIEM plan ensures compliance with many important regulations and safety standards. Extensive functionality, scalability and support for multiple platforms allow the organization to meet the technical requirements for compliance with the required standards. The system provides ready-made reports and visualizations for regulations such as PCI DSS, GDPR, CIS and GPG13.
Incident Response
Energy Logserver with the SIEM plan provides prepared sets of active reactions to handle detected threats. For example, it can block access to the system from an infected source if the defined criteria are met. It can also be used to run remote commands and scripts for integrated solutions, identify IOCs, and support ongoing incident investigation and response.
Intrusion Detection
Optional agents scan monitored systems for malware, rootkits and suspicious anomalies. Agents make it possible, or easier, to detect hidden files, masked processes and unrecorded listings in the network, as well as inconsistencies in the responses to system calls.
Security Analytics
The ELS SIEM plan receives logs from operating systems and applications and then analyzes them using a large database of predefined rules. This lets the tool find system and application errors, wrong configurations, attempted and successful attacks, security policy violations and a number of other security-related problems.

Cloud Security
The SIEM plan of Energy Logserver allows you to watch over the cloud environment at the API level. This is possible thanks to integration modules that collect security data from clouds provided by Amazon AWS, Microsoft Azure, or Google Cloud. The tool also provides a set of rules to assess the configuration of the cloud environment and catch potential security holes.
File Integrity
The application monitors selected files, supervising changes in content, permissions, properties and file attributes. Every change in both the data and the metadata of a file is detected by the ELS system and reported.
Vulnerability Detection
The ELS SIEM plan correlates data from the monitored environment with constantly updated CVE (Common Vulnerabilities and Exposures) databases to identify potential vulnerabilities and exploits in the system. An automated resilience assessment allows you to find weaknesses in resources and helps you take appropriate corrective actions.
Configuration Assessment
ELS monitors application and system settings in order to confirm their compliance with the accepted rules and safety standards. If installed, agents perform scans on a scheduled basis to detect software that may be potentially susceptible, out of date, or misconfigured.