Date: 2023-06-08

From SGBox come some SIEM features that strengthen its position in the landscape of security tools and improve its suite dedicated to enterprise security and compliance. In an era where cyber threats are constantly increasing, the company aims to offer a complete and reliable answer to the security and compliance needs of enterprises and SMEs.

New SIEM features

Relying on its modular nature, the continuous integration of new features and the improvement of existing ones, SGBox allows you to obtain a complete and aggregated view of all information relevant to the security of IT systems. This is also thanks to the powerful correlation engine and sophisticated analysis system that are an integral part of the solution.

Modern cyber security

The most significant new feature is the Incident Management module, which enables efficient management of incidents and anomalies detected by the SGBox modules. The complexity of modern cyber security is not limited to detecting threats. In fact, consolidated and efficient management processes are needed to prevent the potential of technology from being frustrated by inefficient procedures and bottlenecks.

This feature provides a centralized entry point for managing security tickets. It also provides a collaborative environment for investigation and resolution teams. The module allows you to make a report, assign it and follow its evolution in end-to-end mode, up to complete resolution. Statistics and reports are also available to provide insight into anomalies and help refine response efficiency.

Detect and respond

A central role in the SGBox SIEM is also played by the SOAR and Active Directory Auditor modules. The first, a pillar of modern enterprise security, is an innovative security orchestration, automation, and response (SOAR) system. It can detect threats, evaluate them and take action automatically, executing flows of predefined actions. In this way, it is the face of security operations automation, supporting (but not replacing) experienced professionals. The second, however, is the module dedicated to the continuous and in-depth monitoring of Active Directory.

Natively integrated

It is a tool to detect and report anomalies in a timely manner by defining appropriate thresholds on the identified KPIs. It also allows you to assess the risk associated with each anomaly, thereby enabling proactive security management. It is also natively integrated with other modules of the suite, such as Windows Audit and Windows File System Audit.

Finally, the company recently introduced powerful event and log query capabilities to enable in-depth analysis and a complete understanding of activities. This functionality represents a significant added value, considering the complexity and volumes of information that a SIEM & SOAR system manages at all times.