MaxPatrol SIEM

An advanced solution that knows your infrastructure and delivers pinpoint detection

01. Overview

MaxPatrol SIEM provides 360° visibility into infrastructure and detects security incidents. The solution is regularly updated with knowledge from Positive Technologies experts, and effortlessly adapts to network changes.

Detection of malicious activity in traffic

MaxPatrol NAD Sensor provides full network visibility. This component analyzes network traffic in depth, passively collects data about assets, and detects attacks. The component notifies in real time about attackers’ attempts to expand their presence in infrastructure, steal data, exploit vulnerabilities, use hacker tools, or contact C2 servers.

02. Up-to-the-minute knowledge

The Positive Technologies Expert Security Center and R&D team monitor and perform research into new threats. Their know-how is regularly made available in expertise packs from Knowledge Base. Expertise packs contain new rules, updated parameters for collection and incident handling, response recommendations, and reputation lists. Packs are automatically provided to MaxPatrol SIEM in order to detect threats before serious consequences arise.

Correlation rules (included in expertise packs) can be easily customized to fit infrastructure. We provide detailed instructions and whitelists, which are prepopulated based on experience with real infrastructures.

Flow diagram (rendered as text): Positive Technologies expertise feeds PT Knowledge Base, which in turn feeds MaxPatrol SIEM for detection of current threats.

Positive Technologies Expertise

  • Security Audit
  • Information Security Incident Investigation
  • Threat Research
  • Penetration Testing

PT Knowledge Base

  • New Rules
  • Response Recommendations
  • Reputation Lists

MaxPatrol SIEM: Detection of Current Threats

03. Key benefits

Maintain the full enterprise-wide security picture

View the entire security situation at a glance, with dashboards that show events, incidents, asset vulnerabilities, and triggered rules. Users can customize dashboards by selecting from 20 default widgets or creating their own.

Detect the important threats

Our experts' know-how for pinpointing the latest threats is regularly encapsulated in expertise packs available from PT Knowledge Base. Expertise packs contain new rules, updated parameters for collection and incident handling, and response recommendations. Packs can be installed in just two clicks.

Get 360° visibility into infrastructure

MaxPatrol SIEM collects data about all networked elements of the IT infrastructure. By performing detailed inventory of assets, MaxPatrol SIEM retains the full history at every point in time, including software installed, events, vulnerabilities, configuration, and topology. Events are collected both actively and passively.

Configure your system with a checklist

The configuration checklist helps to get SIEM up and running without making you refer to documentation. Setting up the system takes 11 steps. Each step has clear instructions and links to additional information.

Create incident detection rules in a few clicks

When it's time to make a new rule in MaxPatrol SIEM, there's no need to learn a language or write code. Just use the special rule constructor. With this constructor, select events, arrange them in order, and specify trigger conditions—one step at a time.

Prevent false positives from reoccurring

In just a few clicks, MaxPatrol SIEM users can add exceptions to detection rules. To do this, you can mark parameters for events that should be ignored in the future, such as a network host address or specific username.

Keep data sources under control

Source monitoring can be flexibly configured in MaxPatrol SIEM with consideration of typical activity patterns (for example, fewer events at night than during the day). In case of non-availability of a source, anomalies in event distribution, or delays in obtaining event data, system operators are immediately alerted.
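The three alert conditions named above (a source that goes silent, an hourly count far from that hour's usual level, and stale delivery) can be illustrated with a small per-hour baseline check. The following is an added example, not MaxPatrol SIEM's own code; the source names, the 7-day constructed history, the 15-minute lag limit and the z-score threshold of 3 are all assumptions chosen for the demonstration.

```python
"""Toy event-source monitor (added illustration, not MaxPatrol SIEM code).

Three checks, matching the conditions named on the page:
  1. unavailability      - a source that normally emits events sends none
  2. distribution anomaly - the hourly count is far from that hour's baseline
  3. delay               - the newest event from the source is older than MAX_LAG
The baseline is built per hour of day, so a quiet night is not mistaken for an outage.
"""
from datetime import datetime, timedelta, timezone
from math import sqrt
from statistics import mean, pstdev

MAX_LAG = timedelta(minutes=15)   # assumed acceptable delivery delay
Z_LIMIT = 3.0                     # assumed anomaly threshold (in standard deviations)


def constructed_history(days=7):
    """Constructed sample data: {source: {hour_of_day: [count per day, ...]}}.
    'fw-edge' is quiet at night and busy by day; 'dc01' is flat around the clock."""
    history = {"fw-edge": {}, "dc01": {}}
    for hour in range(24):
        night = hour < 6
        history["fw-edge"][hour] = [(20 if night else 400) + (d * 3) % 11 for d in range(days)]
        history["dc01"][hour] = [150 + (d * 5) % 7 for d in range(days)]
    return history


def build_baseline(history):
    """Return {source: {hour: (mean, std)}} computed from the per-day counts."""
    baseline = {}
    for source, hours in history.items():
        baseline[source] = {hour: (mean(counts), pstdev(counts)) for hour, counts in hours.items()}
    return baseline


def check_source(source, hour, count, last_event_at, now, baseline):
    """Return a list of alert strings for one source in one hour of the day."""
    alerts = []
    mu, sigma = baseline[source][hour]
    if count == 0 and mu > 0:
        # source normally emits in this hour but sent nothing: treat as unavailable
        alerts.append(f"{source}: no events in hour {hour:02d} (baseline {mu:.1f})")
    elif mu > 0:
        # floor the spread at Poisson noise sqrt(mu) (and never below 1) so a
        # near-constant history does not turn tiny deviations into alerts
        spread = max(sigma, sqrt(mu), 1.0)
        z = (count - mu) / spread
        if abs(z) > Z_LIMIT:
            alerts.append(f"{source}: {count} events in hour {hour:02d}, baseline {mu:.1f} (z={z:+.1f})")
    lag = now - last_event_at
    if lag > MAX_LAG:
        alerts.append(f"{source}: last event {int(lag.total_seconds() // 60)} min ago")
    return alerts


def run_demo():
    """Run four constructed scenarios and return their alerts keyed by scenario."""
    now = datetime(2024, 1, 1, 14, 30, tzinfo=timezone.utc)   # constructed clock
    baseline = build_baseline(constructed_history())
    return {
        # 18 events at 03:00 is normal for fw-edge's night profile: no alert
        "quiet_night": check_source("fw-edge", 3, 18, now - timedelta(minutes=2), now, baseline),
        # zero events at 14:00 plus an hour of silence: unavailable + delayed
        "silent_day": check_source("fw-edge", 14, 0, now - timedelta(hours=1), now, baseline),
        # 900 events against a baseline near 153: distribution anomaly
        "flood": check_source("dc01", 14, 900, now - timedelta(minutes=1), now, baseline),
        # normal volume but newest event 40 min old: delay only
        "lagging": check_source("dc01", 14, 155, now - timedelta(minutes=40), now, baseline),
    }


if __name__ == "__main__":
    for scenario, alerts in run_demo().items():
        print(scenario, "->", alerts or "ok")
```

The per-hour baseline is the point: the same 18 events that are unremarkable at 03:00 would be an outage signal at 14:00. In a real deployment the thresholds would be tuned per source, and the "unavailable" check should fire on the absence of heartbeat or collection data rather than only on a zero count.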

Evaluate feasibility of attacks

MaxPatrol SIEM automatically maps network topology and updates this information as changes occur. Visualization helps to better understand infrastructure, check ports on assets, evaluate feasibility of attacks, and investigate incidents.

Stay on top of changes in infrastructure

MaxPatrol SIEM accurately identifies IT assets even in a shifting landscape. Asset groupings adapt to the latest network changes. With these features, it's easy to configure correlation rules for keeping an eye on systems that have outdated software or particular vulnerabilities.

Results of 23 MaxPatrol SIEM pilot deployments

In our report, learn what clients expect to accomplish with MaxPatrol SIEM pilot deployments, which event sources they connect most often, and the kinds of security incidents they detect.
