Incident and Event Services SIEM


The Incident and Event Services (SIEM) app manages the settings that define the level of security analysis performed by Red Piranha’s Security Operations Team. Crystal Eye offers three security service levels: Level 1 - Gold, Level 2 - Silver and Level 3 - Platinum. The app also prompts the user to enter primary and secondary contact details, which Red Piranha’s Security Operations Team uses for security-related correspondence. The administrator can also start and stop the SIEM Agent installed on the Crystal Eye appliance.

Note: The SIEM Agent establishes the connection to Red Piranha’s SIEM Server and forwards the appliance’s log files to it for detailed threat analysis by the Security Operations Team.


The Incident and Event Services SIEM application is installed by default and can be accessed from the left-hand navigation panel.


Left-hand Navigation Panel > Compliance Control > Incident and Event Services (SIEM) Application


The SIEM Agent is part of the Crystal Eye Platform. It collects the threats the CE XDR appliance detects, as recorded in its various log files, and sends them to the SIEM Server for further analysis.

The SIEM Agent Status section shows whether the SIEM Agent is currently running and whether it is connected to the Crystal Eye Security Operations Center (CE SOC). See the reference screenshot below.

(Screenshot: SIEM status)


Red Piranha’s Security Operations Team performs several types of threat analysis for its clients. These analyses are offered as a service according to the service level selected under the Incident and Event Services (SIEM) section.

Red Piranha’s Security Operations Team examines the log files generated by the default apps installed on the CE appliance, which the SIEM Agent sends to the SIEM Server. These log files give insight into threat patterns that can put the network infrastructure at risk.

The threat analysis types performed by Red Piranha’s Security Operations Team at each Service Level are listed below.


  • Integrity Check Logs Analysis: The system integrity directory is analysed.
  • Mail Logs Analysis: The logs generated by the mail app are analysed.
  • Message Logs Analysis: System-generated message logs are analysed for threats.
  • Rootkit (Trojan) Analysis: Detects any rootkit (Trojan) that may have been installed.
  • Security Logs Analysis: The security logs generated by the various applications on the CE appliance are analysed for threats.
  • Web Configuration Logs Analysis: Logs related to the CE appliance GUI are analysed for threats.


  • Anti-Virus Logs Analysis: The logs produced by the gateway anti-virus apps are analysed.
  • Internet Browsing Analysis: Internet browsing logs created by the content filter app are analysed.
  • Forcefield Logs Analysis: Forcefield app logs, generated when failed login attempts exceed the allowed limit, are analysed.
  • Integrity Check Logs Analysis: The system integrity directory is analysed.
  • Mail Logs Analysis: The logs generated by the mail app are analysed.
  • Message Logs Analysis: System-generated message logs are analysed for threats.
  • Rootkit (Trojan) Analysis: Detects any rootkit (Trojan) that may have been installed.
  • Security Logs Analysis: The security logs generated by the various applications on the CE appliance are analysed for threats.
  • Web Configuration Logs Analysis: Logs related to the CE appliance GUI are analysed for threats.


  • Anti-Virus Logs Analysis: The logs produced by the gateway anti-virus apps are analysed.
  • Internet Browsing Analysis: Internet browsing logs created by the content filter app are analysed.
  • Data Loss Protection Logs Analysis: Operation logs generated by the DLP app are analysed to respond to DLP incidents.
  • Database Log Analysis: Various content database logs are analysed.
  • Forcefield Logs Analysis: Forcefield app logs, generated when failed login attempts exceed the allowed limit, are analysed.
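To illustrate the kind of analysis the Forcefield (failed login attempts exceeding a limit) and Integrity Check (system integrity directory) entries describe, the following Python is an added example written for this page; it is not code from Red Piranha’s SIEM Agent or Security Operations Team. It assumes a syslog-style "Failed password" line format and a directory tree to baseline; the log lines, threshold, time window and file contents are all constructed for the demonstration.

```python
import hashlib
import re
import tempfile
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import Path

# Constructed sample auth log (syslog-like; not real Crystal Eye output).
SAMPLE_AUTH_LOG = """\
2024-03-01T10:00:01 ce-gw sshd[1201]: Failed password for admin from 203.0.113.7 port 51122 ssh2
2024-03-01T10:00:04 ce-gw sshd[1202]: Failed password for root from 203.0.113.7 port 51123 ssh2
2024-03-01T10:00:09 ce-gw sshd[1203]: Failed password for admin from 203.0.113.7 port 51124 ssh2
2024-03-01T10:00:15 ce-gw sshd[1204]: Accepted password for ops from 198.51.100.20 port 40110 ssh2
2024-03-01T10:00:21 ce-gw sshd[1205]: Failed password for admin from 203.0.113.7 port 51125 ssh2
2024-03-01T10:00:30 ce-gw sshd[1206]: Failed password for guest from 203.0.113.7 port 51126 ssh2
2024-03-01T10:00:35 ce-gw sshd[1207]: Failed password for admin from 198.51.100.20 port 40111 ssh2
2024-03-01T10:20:00 ce-gw sshd[1208]: Failed password for admin from 203.0.113.7 port 51130 ssh2
"""

# Assumed line format: ISO timestamp, host, sshd[pid]: Failed password for [invalid user] USER from IP port N
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def detect_failed_login_bursts(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: (count, first_ts, last_ts)} for every source whose failed
    logins reach `threshold` inside a sliding `window`. Each source is reported once,
    at the moment it first crosses the threshold."""
    recent = defaultdict(deque)  # source_ip -> timestamps of failures still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and m["src"] not in alerts:
            alerts[m["src"]] = (len(q), q[0], ts)
    return alerts


def hash_tree(root):
    """Map every regular file under `root` (POSIX-style relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_baseline(baseline, current):
    """Compare two {path: sha256} maps and report added, removed and modified paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo_integrity_check():
    """Build a throwaway directory, baseline it, change it, and return the drift found."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("listen = 443\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = hash_tree(root)
        (root / "etc" / "app.conf").write_text("listen = 443\nadmin = 0.0.0.0\n")  # modified
        (root / "etc" / "new.cfg").write_text("unexpected\n")                      # added
        return diff_baseline(baseline, hash_tree(root))


if __name__ == "__main__":
    for src, (count, first, last) in detect_failed_login_bursts(SAMPLE_AUTH_LOG).items():
        print(f"ALERT {src}: {count} failed logins between {first} and {last}")
    print("integrity drift:", demo_integrity_check())
```

The burst detector keeps only the timestamps inside the window per source, so memory stays bounded on a long log and a single noisy source is reported once rather than on every subsequent failure. The integrity check compares digests rather than timestamps or sizes, so a file rewritten with identical metadata still shows up as modified.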