CO-MANAGED SIEM | Security Event and Incident Management


Co-Managed SIEM (Security Information and Event Management)

RedLegg’s 12x7 or 24x7 Co-Managed SIEM service gathers logs and events from key hosts within the network, aggregates them, and provides alerting on events or series of events that match pre-determined criteria. Through a combination of management and monitoring of the customer SIEM environment, RedLegg is able to provide the following key features to customers.

  • Managed and Monitored or Monitor Only service options
  • Alarm customization
  • Integrated ticketing system
  • Log queries and investigation
  • Detailed and custom on-demand reporting

DATA AGGREGATION

Logs from the customer’s environment are gathered into one central location and displayed together to provide full context to host activity.

DATA CORRELATION

Logs are inspected to look for relationships, patterns, and trends across all log hosts to identify activity that may be malicious in origin.

ALERTING

RedLegg works with the customer to create relevant, useful alerts so that in the event of an issue, security or operational, the relevant parties will be notified.

LOG RETENTION

RedLegg works to meet your log retention requirements by identifying the solution that will meet your needs and keep your data secure but accessible if needed.

COMPLIANCE REPORTS

Depending on compliance or audit requirements, RedLegg will work with the customer to build the reports and views needed for various levels of user.

SIEM MONITORING & MANAGEMENT

SIEM Management consists of health and performance monitoring, availability and outage notifications, patch and software updates, and tuning and configuration. Below is everything included in the SIEM Monitor Service:

EVENT REVIEW

RedLegg’s Security Operations staff will perform a review of events generated from the logs received from data sources. Actionable events will be escalated to the customer via the ticketing system.

AUTOMATED ALERTING

RedLegg will work with the customer on the creation of automated alerting. Automated Alerts are generated when the SIEM has identified activity as suspicious or problematic based on signatures or behavior patterns. Automated alerts arrive via email.

INTEGRATED TICKETING SYSTEM

When the SIEM Solution identifies actionable events and generates an Automated Alert, all information is submitted into our ticketing system for investigation, tracking, and auditing purposes. The ticketing system is available through our customer user portal and email.

LOG QUERIES AND INVESTIGATION

In the event that suspicious activity has been detected or an investigation of the activity of a host is required, RedLegg can perform custom queries in the SIEM Log Database to retrieve event information from a designated date and time.

ON-DEMAND REPORTING

On-demand reports are available to the customer detailing statistics and analysis of the activity of the hosts reporting in to the service. Many of the reports available are tailored to security or compliance requirements.
