TrustRadius

Gurucul SIEM

Overview

What is Gurucul SIEM?

Gurucul, headquartered in El Segundo, offers a Next-Generation SIEM powered by the Gurucul Risk Analytics™ platform. By leveraging Artificial Intelligence and Machine Learning on volumes of data in a vendor-agnostic data lake, Gurucul aims to deliver a SIEM platform…


Pricing

N/A (pricing unavailable)

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Alternatives Pricing

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments,…

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Product Details

What is Gurucul SIEM?

Gurucul Analytics-Driven SIEM is presented as a versatile Next-Generation SIEM powered by the Gurucul Risk Analytics platform. By applying Artificial Intelligence and Machine Learning to large volumes of data in a vendor-agnostic data lake, Gurucul aims to deliver all the features expected of a SIEM platform plus capabilities that, according to the vendor, no conventional SIEM platform can match.

The product can be deployed on-premises, as a managed SIEM, as SaaS, or as a virtual appliance. Customizable dashboards provide a flexible user interface that caters to many user personas and use cases. Gurucul Analytics-Driven SIEM delivers actionable risk intelligence on the customer's choice of big-data platform to raise cybersecurity alerts and drive risk-based controls. The product ingests, stores, and analyzes what the vendor describes as unlimited data feeds from structured and unstructured security sources to continuously identify and prioritize cyber threats in real time.

Core Components include:

Data Pipelines
• Consume and process large amounts of structured and unstructured data without performance degradation.
• Leverage 350+ out-of-the-box (OOTB) integrations with major third-party solutions for endpoint, network, cloud, workflow, and identity.
• Use preconfigured data pipelines supporting push/pull integrations through various integration patterns: APIs, flat files, LDAP/database connectors, syslog, NetFlow, and streaming technologies.
• Parse, filter, and normalize the data with an intuitive UI to tweak existing pipelines or build new ones.
• Acquire data via agentless collection, agent/forwarder-based collection, network decoders, data streams, and log decoders.
• Build pipelines for custom, home-grown applications.
• Employ Gurucul’s Hadoop-based Security Data Lake at no additional cost, or use one's own choice of data lake.
Studio
• Provide situational awareness with real-time analytics, identifying risks before they develop into incidents.
• Leverage threat intelligence feeds, blacklists, statistical analysis, correlation rules, and signatures to identify threats.
• Establish baselines of normal activity and detect anomalies with machine learning.
• Generate a unified, dynamic risk score for every user and entity in real-time.
• Enrich the context of security alerts to make it easier to investigate and detect elusive threats.
• Customize threat detection content and analytics with Gurucul STUDIO™.
Threat Detection
• Monitor activity, events & signals from security tools.
• Detect known attack patterns, signatures, and correlations indicating an attack.
• Detect unknown attack chains via machine learning and advanced analytics.
• Leverage pre-packaged threat hunting use case libraries for the most common threat queries.
• Proactively investigate new and unknown threat patterns using contextual data.
• Generate risk prioritized alerts.
• Automate containment of confirmed or potential threats from a single interface.
Investigate
• Automate collection of evidence for investigators
• Create a smart link across the entire attack lifecycle for pre- and post-incident analysis with Automated Incident Timelines
• View timelines spanning days and even years of data in easy to understand visualizations
• Search using any threat vector attributes such as security alerts, IP addresses, case IDs, Machine ID, Malware Signatures etc.
• Link events and related data into security incidents, threats, or forensic findings
• Tie incidents back to kill chain, MITRE ATT&CK techniques
• Get a user/device-centric view rather than an alert-centric view
Respond
• Prioritize incidents – understand which incidents are particularly abnormal or dangerous
• Mitigate identified threats with out-of-the-box customizable playbooks
• Provide recommended mitigation actions via playbook automation
• Enable automated response workflows
• Offer canvas-based playbook editor with function blocks
• Integrate with downstream security solutions to trigger appropriate risk remediation, incident response and ticketing
Dashboards & Reporting
• Leverage out-of-the-box dashboards by solution area, persona, or job function
• Customize dashboards with over 100 pre-built widgets (visual representations of critical security analytics data)
• Provide full drill-down capabilities into events without leaving the interface
• Automatically map policies and anomaly models to global regulatory frameworks (PCI, HITECH, HIPAA, ISO 27000, SOX, MITRE ATT&CK and more)
• Contextual search to review alerts and violations filtered by regulation
• 500+ out-of-the-box reports
• Automate report scheduling and distribution
• Long-term raw log storage
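
The Data Pipelines and Studio/Threat Detection bullets above describe a generic pattern rather than a product-specific one: normalize events from different sources into one schema, learn a baseline of each user's normal activity, then combine signature-style correlation rules with behavioural anomalies into a single per-entity risk score that orders the alerts. The Python below is an added illustration of that pattern written for this page; it is not Gurucul's code and makes no claim about how Gurucul STUDIO or its models work. The sshd log lines, the VPN records, the rule weights, the baseline cut-off, the five-minute failure window and the 0-100 cap are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# --- Constructed sample inputs (not real logs) -------------------------------
# Source 1: OpenSSH syslog lines. One user is later hit by a password-guessing
# burst from an address never seen before, and the burst ends in a success.
SYSLOG = """\
Mar 12 09:02:11 bastion sshd[4711]: Accepted publickey for alice from 10.0.1.20 port 51122 ssh2
Mar 12 09:15:43 bastion sshd[4720]: Accepted publickey for alice from 10.0.1.20 port 51150 ssh2
Mar 12 10:01:05 bastion sshd[4800]: Accepted password for bob from 10.0.2.7 port 40021 ssh2
Mar 12 23:41:02 bastion sshd[5102]: Failed password for bob from 203.0.113.9 port 3301 ssh2
Mar 12 23:41:04 bastion sshd[5103]: Failed password for bob from 203.0.113.9 port 3302 ssh2
Mar 12 23:41:07 bastion sshd[5104]: Failed password for bob from 203.0.113.9 port 3303 ssh2
Mar 12 23:41:09 bastion sshd[5105]: Accepted password for bob from 203.0.113.9 port 3304 ssh2
"""
# Source 2: VPN records in a different shape (e.g. already parsed from JSON).
VPN_EVENTS = [
    {"time": "2024-03-12T09:05:00", "user": "alice", "client": "10.0.1.20", "result": "ok"},
    {"time": "2024-03-12T09:30:00", "user": "alice", "client": "10.0.1.20", "result": "ok"},
    {"time": "2024-03-13T09:10:00", "user": "alice", "client": "10.0.1.20", "result": "ok"},
]
YEAR = 2024                                  # syslog carries no year: assumed here
BASELINE_UNTIL = datetime(2024, 3, 12, 12)   # events before this train the baseline
SSH_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (Accepted|Failed) "
                    r"\S+ for (?:invalid user )?(\S+) from (\S+) port")


def normalize(syslog_text, vpn_records):
    """Map both formats onto one schema: ts, user, src, source, outcome."""
    events = []
    for line in syslog_text.splitlines():
        m = SSH_RE.match(line)
        if not m:
            continue  # a real pipeline would route unparsed lines to a dead-letter queue
        ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "user": m.group(3), "src": m.group(4), "source": "sshd",
                       "outcome": "success" if m.group(2) == "Accepted" else "failure"})
    for r in vpn_records:
        events.append({"ts": datetime.fromisoformat(r["time"]), "user": r["user"],
                       "src": r["client"], "source": "vpn",
                       "outcome": "success" if r["result"] == "ok" else "failure"})
    return sorted(events, key=lambda e: e["ts"])


def baseline(events, until):
    """Per-user profile of normal behaviour, learned from successful logins before `until`."""
    profile = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for e in events:
        if e["ts"] < until and e["outcome"] == "success":
            profile[e["user"]]["srcs"].add(e["src"])
            profile[e["user"]]["hours"].add(e["ts"].hour)
    return profile


# Assumed scoring weights: two behavioural anomalies plus one correlation rule.
WEIGHTS = {"new_source_ip": 30, "off_hours": 20, "bruteforce_success": 40}
FAIL_WINDOW, FAIL_COUNT = timedelta(minutes=5), 3


def score(events, profile, since):
    """Return risk-prioritised alerts and a capped 0-100 risk score per user."""
    alerts, entity_risk = [], defaultdict(int)
    failures = defaultdict(list)  # (user, src) -> timestamps of failed logins
    for e in events:
        if e["ts"] < since:
            continue
        key = (e["user"], e["src"])
        if e["outcome"] == "failure":
            failures[key].append(e["ts"])
            continue
        p = profile[e["user"]]  # unknown user -> empty profile, so every source looks new
        reasons = []
        if e["src"] not in p["srcs"]:
            reasons.append("new_source_ip")
        if p["hours"] and e["ts"].hour not in p["hours"]:
            reasons.append("off_hours")
        recent = [t for t in failures[key] if e["ts"] - t <= FAIL_WINDOW]
        if len(recent) >= FAIL_COUNT:
            reasons.append("bruteforce_success")  # N failures then a success from the same IP
        if reasons:
            risk = sum(WEIGHTS[r] for r in reasons)
            alerts.append({"ts": e["ts"], "user": e["user"], "src": e["src"],
                           "source": e["source"], "risk": risk, "reasons": reasons})
            entity_risk[e["user"]] = min(100, entity_risk[e["user"]] + risk)
    alerts.sort(key=lambda a: a["risk"], reverse=True)
    return alerts, dict(entity_risk)


def run():
    events = normalize(SYSLOG, VPN_EVENTS)
    return score(events, baseline(events, BASELINE_UNTIL), BASELINE_UNTIL)


if __name__ == "__main__":
    found, risk = run()
    for a in found:
        print(f"{a['ts']} {a['user']}@{a['src']} risk={a['risk']} {a['reasons']}")
    print("entity risk:", risk)
```

On the constructed input, alice's next-day VPN login matches her learned source and hour and produces nothing, while bob's 23:41 success from 203.0.113.9 trips all three rules and lands him at the top of the queue with a score of 90. The simplifications are deliberate: a production engine would decay scores over time, baseline against peer groups rather than a fixed cut-off, and prune the failure window, but the shape of the computation is the one the bullets describe.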

Gurucul SIEM Technical Details

Deployment Types: On-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Windows, Linux
Mobile Application: No