The Incident and Event Services (SIEM) app helps to manage the settings that define the level of security analysis performed by Red Piranha's Security Operations Team. Crystal Eye offers three security service levels, namely Level 1 - Gold, Level 2 - Silver and Level 3 - Platinum. The system also prompts the user to enter primary and secondary contact details, which Red Piranha's Security Operations Team uses to reach the user for security-related correspondence. The administrator can also start and stop the SIEM Agent installed on the Crystal Eye appliance.
Note: The SIEM Agent plays a vital role in establishing the connection with Red Piranha's SIEM Server and passes the log files to the server for further detailed security threat analysis by the Security Operations Team.
The Incident and Event Services SIEM application is installed by default and can be accessed from the left-hand navigation panel.
|Left-hand Navigation Panel > Compliance Control > Incident and Event Services (SIEM) Application|
The SIEM Agent is part of the Crystal Eye Platform. It identifies the threats detected by the CE XDR appliance from the various types of log files and sends them to the SIEM Server for further analysis.
The SIEM Agent Status section shows the current running status of the SIEM Agent and whether the agent is connected to the Crystal Eye Security Operations Center (CE SOC). See the reference screenshot below.
Red Piranha's Security Operations Team performs several types of threat analysis for its clients. These threat analyses are offered as a service according to the service level selected by the user in the Incident and Event Services (SIEM) section.
Red Piranha's Security Operations Team examines the log files generated by the default apps installed on the CE appliance, which the SIEM Agent sends to the SIEM Server. These log files give insight into the threat patterns that can pose a risk to the network infrastructure.
The threat analysis types performed by Red Piranha's Security Operations Team for each service level are discussed in detail below.