TEHTRIS SIEM
Sicherheitsinformationen und Ereignisverwaltung
Zentralisieren und organisieren Sie die Verwaltung aller Protokolle in Ihrer Umgebung: Ereignisse von Systemen, Anwendungen, Netzwerken oder Sicherheitsgeräten.
Sammelt, normalisiert und aggregiert alle Ereignisse
Die Lösung bietet ein effektives Alarmierungstool zur Überwachung der Sicherheit Ihrer Systeme und Anwendungen durch Ereignisberichte und Dashboards, die von einer Korrelations-Engine unterstützt werden, die Bedrohungsdaten über die umfassende TEHTRIS XDR Platform nutzt.
Treffen Sie die richtigen Entscheidungen mit intelligenter Datenkorrelation.
TEHTRIS SIEM berücksichtigt, was auf der Maschine und darüber hinaus passiert. Durch die Überwachung Ihrer gesamten Umgebung und ihrer Interaktionen behält die Lösung Ihre Ressourcen unter Kontrolle und bietet Ihnen einen einzigartigen Einblick in das Netzwerk. Sie interpretiert massive Ströme heterogener Ereignisse auf der Suche nach anomalem Verhalten und liefert dem SOC qualifizierte Warnungen in Echtzeit.
Warum TEHTRIS SIEM?
KORRELATIONEN
TEHTRIS SIEM verfügt über mehrere hundert Korrelationsregeln, die für alle wichtigen klassischen Quellen einer Infrastruktur aktiviert werden können: Windows, Antivirus, Authentifizierung, etc.
SICHERHEIT
TEHTRIS SIEM läuft auf Appliances, die die TEHTRIX-Distribution mit vollständiger Festplattenverschlüsselung, erweiterten RBAC-Schutzmechanismen im Kernel und Anti-0-Day-Schutz nutzen.
MEHR LEISTUNG
TEHTRIS SIEM ist vollständig und nativ in die TEHTRIS XDR Platform mit Tools für CTI, Hunting, Compliance, Incident Management, etc. integriert.
HYPER-AUTOMATISIERUNG
TEHTRIS SIEM ist direkt mit dem integrierten SOAR der TEHTRIS XDR Platform verbunden, was die Kosten, die Wartung und die Integration dieser Technologien auf effiziente und problemlose Weise vereinfacht, trotz der Komplexität der Lösungen.
EINFACHHEIT
TEHTRIS hat die Komplexität von SIEM-Projekten mit einem Angebot im Betriebsmodus drastisch vereinfacht, von der Bereitstellung bis zur betrieblichen Wartung.
CLOUD & ON-PREMISE
Profitieren Sie von einer flexiblen Architektur. TEHTRIS SIEM kann sowohl in der Cloud als auch On-Premise oder in einer Mischung aus beidem eingesetzt werden. Kontrollieren Sie den Standort der Daten, auch in einer Multi-Cloud-Umgebung.
Perfekt integriert in die XDR Platform
Im Bereich der Cybersicherheit ist die Orchestrierung von Ereignissen und die effektive und schnelle Reaktion auf Bedrohungen eine grundlegende Herausforderung. Eine der besten Möglichkeiten, dies zu erreichen, ist eine leistungsstarke Automatisierung und künstliche Intelligenz. Das ist es, was TEHTRIS mit seinem in die TEHTRIS XDR Platform integrierten SOAR bietet.
Entdecken Sie, wie wir Hyperautomatisierung schaffen!
Entdecken Sie unsere XDR Platform
| Vendors | Products | Families |
|---|---|---|
| A10 Networks | Load Balancer | Network / Infrastructure |
| Accellion | Secure File Transfer | Security or Network |
| Access Layers | Portnox | Network / Infrastructure |
| Adtran | NetVanta | Network / Infrastructure |
| Adtran | Bluesocket | Network / Infrastructure |
| AirTight Networks | SpectraGuard | Network / Infrastructure |
| Alcatel-Lucent | NGN Switch | Network / Infrastructure |
| Alcatel-Lucent | VitalQIP | Proxy |
| Amazon | Amazon S3 | Cloud |
| American Power Conversion | Uninterruptible Power Supply | Network / Infrastructure |
| Ansible | Ansible | Applications |
| Apache Software Foundation | Apache Web Server | Network / Infrastructure |
| Apple Inc. | Mac OS X | OS |
| Arbor Networks | Peakflow SP | Security |
| Arbor Networks | Peakflow X | Security |
| Arbor Networks | Pravail | NIDS |
| ArcSight | Common Event Format | Security |
| Aruba | Aruba OS | OS |
| Aruba | ClearPass | Network / Infrastructure |
| Attivo Networks | BOTsink | Security |
| Axway | SecureTransport | Proxy |
| Balabit | Balabit | Identity Services |
| Barracuda Networks | Spam Firewall | Firewall |
| Barracuda Networks | Web Application Firewall | Firewall |
| Barracuda Networks | Barracuda Web Filter | Security |
| BeyondTrust | BeyondInsight | Security |
| Bit9 | Bit9 Security Platform / Parity Suite | Antivirus/EPP |
| Bit9 | Carbon Black | Security |
| Blue Coat | Reporter | Applications |
| Blue Coat | Director | Network / Infrastructure |
| Blue Coat | ProxySG | Proxy |
| Blue Ridge Networks | BorderGuard | Firewall |
| BlueCat Networks | BlueCat DNS/DHCP Server | Network / Infrastructure |
| Bradford Networks | Campus Manager | Network / Infrastructure |
| Bro Network Security Monitor | Bro Network Security Monitor | Network / Infrastructure |
| Brocade | IronView Network Manager | Network / Infrastructure |
| Brocade | BigIron FastIron and NetIron | Network / Infrastructure |
| Brocade | VDX Switch | Network / Infrastructure |
| CA Technologies | DataMinder | Security |
| CA Technologies | SiteMinder | Network / Infrastructure |
| Check Point | Check Point via Splunk | Firewall |
| Cisco | Unified Communications | Applications |
| Cisco | IronPort Email Security | Email Security |
| Cisco | PIX/ASA/FWSM | Firewall |
| Cisco | Open TACACS+ | Identity Services |
| Cisco | NAC Appliance | Network / Infrastructure |
| Cisco | MDS | Network / Infrastructure |
| Cisco | Wireless Control System | Network / Infrastructure |
| Cisco | Wireless LAN Controller | Network / Infrastructure |
| Cisco | Meraki | Network / Infrastructure |
| Cisco | WAP200 | Network / Infrastructure |
| Cisco | Firepower Management Center | Network / Infrastructure |
| Cisco | Identity Services Engine | Network / Infrastructure |
| Cisco | Firepower Management Center | NIDS |
| Cisco | Secure ACS | NIDS |
| Cisco | IOS | OS |
| Cisco | NX-OS | OS |
| Cisco | CATOS v7xxx | OS |
| Cisco | Unified Computing System | Proxy |
| Cisco | WAAS | Proxy |
| Cisco | IronPort Web Security Appliance | Proxy |
| Citrix | NetScaler | Proxy |
| Citrix | Secure Gateway | Proxy |
| Cluster Labs | Pacemaker | Applications |
| Code Green | TrueDLP Data Loss Prevention | Security |
| Cofense | Cofense Intelligence | Security |
| Cofense | Cofense Triage | Email Security |
| Cooper Power Systems | Yukon IED Manager Suite | Applications |
| Cooper Power Systems | Cybectec RTU | Network / Infrastructure |
| Corero | Corero IPS | NIDS |
| Corvil | Security Analytics | Security |
| CyberArk | Enterprise Password Vault | Applications |
| CyberArk | Privileged Identity Management Suite | Applications |
| CyberArk | Privileged Threat Analytics | Security |
| Cyberoam | Cyberoam UTM and NGFW | Firewall |
| Cylance | CylancePROTECT | Antivirus/EPP |
| Cyrus | Cyrus IMAP and SASL | Email Security |
| D-Link | NetDefend UTM Firewall | Firewall |
| Damballa | Failsafe | Antivirus/EPP |
| Dell | SonicOS | Firewall |
| Dell | PowerConnect Switches | Network / Infrastructure |
| Dell | Aventail | VPN |
| DenyAll | rWeb | Firewall |
| DG Technology - InfoSec | Mainframe Event Acquisition System | OS |
| Digital Guardian | Digital Guardian Platform | Security |
| Econet | Sentinel IPS | NIDS |
| EdgeWave | iPrism Web Security | Proxy |
| Enforcive | Cross-Platform Audit | OS |
| Enterasys Networks | Enterasys N and S Switches | Network / Infrastructure |
| Enterasys Networks | Enterasys Network Access Control | Network / Infrastructure |
| Enterasys Networks | Dragon IPS | NIDS |
| Entrust | IdentityGuard | Applications |
| Epic | Clarity | Applications |
| Ergon | Airlock WAF | Firewall |
| Exabeam | Exabeam UEBA | Security |
| Extreme Networks | ExtremeWare XOS | OS |
| F5 Networks | BIG-IP Access Policy Manager | Proxy |
| F5 Networks | BIG-IP Application Security Manager | Firewall |
| F5 Networks | BIG_IP Local Traffic Manager | Proxy |
| F5 Networks | Firepass SSL VPN | VPN |
| Fidelis | Fidelis XPS | Network / Infrastructure |
| FireEye | FireEye Malware Protection System | Antivirus/EPP |
| Fluke Networks | AirMagnet Enterprise | Network / Infrastructure |
| Force10 Networks | FTOS | Network / Infrastructure |
| ForeScout | CounterACT | Network / Infrastructure |
| ForeScout | CounterACT CEF | Network / Infrastructure |
| Fortinet | FortiGate UTM | Firewall |
| Fortinet | FortiManager | Firewall |
| Fortinet | FortiWeb Web Application Firewall | Firewall |
| Fortinet | FortiAuthenticator | Identity Services |
| Fortscale | Fortscale UEBA | Security |
| FreeRADIUS | FreeRADIUS | Identity Services |
| Fujitsu | IPCOM | Firewall |
| Generic source of logs | Standard Syslog Norms | Applications |
| Gigamon | GigaVUE | Network / Infrastructure |
| GitHub | GitHub Enterprise | Applications |
| Global Technology Associates | GNAT Box | Firewall |
| Good Technology | Good Mobile Control | Applications |
| Search Appliance | Applications | |
| Gurucul | Gurucul Risk Analytics | Security |
| HBGary | Active Defense | Security |
| Hewlett-Packard | Virtual Connect | Applications |
| Hewlett-Packard | ProCurve | Network / Infrastructure |
| Hewlett-Packard | 3Com Switches | Network / Infrastructure |
| Hewlett-Packard | OpenVMS | OS |
| Hewlett-Packard | LaserJet Printers | Applications |
| Hitachi ID Systems | Identity and Access Management Suite | Identity Services |
| HP | Tipping Point | IPS |
| HyTrust | HyTrust CloudControl | Network / Infrastructure |
| IBM | WebSphere DataPower SOA Appliances | Applications |
| IBM | Guardium | Security |
| IBM | Tivoli Endpoint Manager | OS |
| IBM | Proventia GX | NIPS |
| IBM | UDB | Database |
| Imperva | WAF/DAM | Firewall |
| Infoblox | NIOS | OS |
| InterSect Alliance | Snare for AIX | Applications |
| InterSect Alliance | Snare for Solaris | Applications |
| InterSect Alliance | Snare for Windows | Applications |
| Interset | Interset | Security |
| Invincea | Enterprise | Security |
| Ipswitch | WS_FTP | Applications |
| Itron | Itron Enterprise Edition | Applications |
| Juniper Networks | Steel Belted Radius | Identity Services |
| Juniper Networks | JUNOS - Structured-Data Format | Applications |
| Juniper Networks | JUNOS Router | Network / Infrastructure |
| Juniper Networks | NetScreen / IDP | Network / Infrastructure |
| Juniper Networks | Network and Security Manager | Network / Infrastructure |
| Juniper Networks | Juniper Secure Access/MAG | VPN |
| Juniper Networks | Secure Access version 7 | VPN |
| Kaspersky | Kaspersky | Security |
| KEMP Technologies | LoadMaster | Network / Infrastructure |
| Kerio Technologies | Kerio Control | Firewall |
| Lancope | StealthWatch | NIDS |
| Lastline | Lastline Enterprise | Firewall |
| Legacy | Informant | NIDS |
| Lieberman | Enterprise Random Password Manager | Applications |
| Locum | RealTime Monitor | Applications |
| LOGbinder | LOGbinder for SharePoint (SP) | Applications |
| LOGbinder | LOGbinder for Exchange (EX) | Applications |
| LOGbinder | LOGbinder for SQL Server (SQL) | Applications |
| Lumension | Bouncer | Applications |
| Lumension | Bouncer | Applications |
| Lumension | Device Control Endpoint Manager Security Suite | Security |
| MailGate Ltd. | MailGate Server | Applications |
| Malwarebytes | Breach Remediation | Antivirus/EPP |
| Malwarebytes | Management Console | Antivirus/EPP |
| McAfee | Endpoint Protection Antivirus | Antivirus/EPP |
| MEDITECH | Caretaker | Applications |
| Microsoft | Exchange | Email Security |
| Microsoft | SharePoint | Applications |
| Microsoft | Windows Event Log | OS |
| Microsoft | Active Directory | OS |
| Microsoft | Office 365 | Cloud |
| Microsoft | Azure Cloud | Cloud |
| Microsoft | Advanced Threat Analytics | Security |
| Microsoft | Windows Defender | Security |
| Microsoft | Windows DNS/DHCP | Network / Infrastructure |
| Motorola | AirDefense | Network / Infrastructure |
| MySQL | MySQL | Database |
| NetApp | Data ONTAP | Network / Infrastructure |
| NetApp | DataFort | Network / Infrastructure |
| NetFort Technologies | LANGuardian | Applications |
| NetIQ | Security Manager | Network / Infrastructure |
| NetIQ | Sentinel Log Manager | Network / Infrastructure |
| NetWitness | Spectrum | Antivirus/EPP |
| NetWitness | Informer | Applications |
| Niara | Niara | Security |
| Niksun | NetDetector | Applications |
| Nortel Networks | Contivity VPN | Network / Infrastructure |
| Nortel Networks | Passport 8000 Series Switches | Network / Infrastructure |
| Nortel Networks | VPN Gateway 3050 | VPN |
| Novell | eDirectory | Applications |
| Novell | Identity and Access Management | Identity Services |
| Okta | Okta SSO | Network / Infrastructure |
| OpenVPN | OpenVPN | VPN |
| Oracle | Oracle Audit | Database |
| Oracle | Audit Vault and Database Firewall | Database |
| Oracle | Directory Server Enterprise Edition | Identity Services |
| Oracle | Solaris Basic Security Module - BSM | OS |
| Oracle | WebLogic | Applications |
| Osiris | Host Integrity Monitor | OS |
| Palo Alto Networks | Palo Alto Firewalls | Firewall |
| Postfix | Postfix | Applications |
| PostgreSQL | PostgreSQL | Database |
| PowerTech | Interact | OS |
| Prevoty | Prevoty | Security |
| Proofpoint | Messaging Security Gateway | Applications |
| Radware | AppWall | Firewall |
| Radware | AppDirector | Network / Infrastructure |
| Radware | LinkProof/FireProof | Network / Infrastructure |
| Radware | DefensePro | NIDS |
| Raytheon | SureView | Applications |
| Raz-Lee Security | iSecurity Suite | Applications |
| Red Hat | JBoss / WildFly v8 | Applications |
| RedSeal Networks | RedSeal 6 | Security |
| ReversingLabs | N1000 Network Security Appliance | NIDS |
| RioRey | DDoS Protection | Firewall |
| Riverbed | Steelhead | Security |
| RSA | Authentication Manager | Identity Services |
| SafeNet | Hardware Security Modules | Security |
| SalesForce | SalesForce Cloud | Network / Infrastructure |
| SAP | SAP | Applications |
| Savant Protection | Savant | Antivirus/EPP |
| Secure Crossing | Zenwall | Applications |
| SecureAuth | IEP SSO | Identity Services |
| Sentrigo | Hedgehog | Database |
| Skycure | Skycure Enterprise | Network / Infrastructure |
| Skyhigh Networks | Cloud Security Platform | Security |
| SnapLogic | SnapLogic | Network / Infrastructure |
| Software Product Research | DB2 Access Recording Services DBARS | Database |
| Sonus | GSX | Network / Infrastructure |
| Sophos | Email Security and Data Protection | Email Security |
| Sophos | UTM & Next-Gen Firewall | Firewall |
| Sophos | Web Security and Control | Proxy |
| SourceFire | SourceFire NS/RNA | NIDS |
| Squid | Squid | Proxy |
| SSH Communications Security | CryptoAuditor | Identity Services |
| STEALTHbits | StealthINTERCEPT | NIDS |
| StillSecure | Strata Guard | NIDS |
| Stormshield | Stormshield | Security |
| Symantec | Endpoint Protection | Antivirus/EPP |
| Symantec | Symantec Messaging Gateway | Email Security |
| Symantec | PGP Universal Server | Applications |
| Symantec | Symantec Web Gateway | Proxy |
| Symantec | Symantec Data Loss Prevention | Security |
| Synology | DiskStation Manager | Applications |
| Systancia | Ipdiva Secure | VPN |
| Tenable | Tenable Nessus | Network / Infrastructure |
| ThreatConnect | Threat Intelligence Platform | Security |
| Thycotic | Secret Server | Identity Services |
| TippingPoint | UnityOne | NIDS |
| TippingPoint | SMS | Security |
| Tofino Security | Tofino Firewall LSM | Firewall |
| Topia Technology | Skoot | Applications |
| Townsend Security | AS/400 | OS |
| Trapezoid | Trust Control Suite | Security |
| TrapX Security | DeceptionGrid | Security |
| Trend Micro | Deep Discovery | Antivirus/EPP |
| Trend Micro | Deep Security | Antivirus/EPP |
| Trend Micro | Deep Security Manager | Antivirus/EPP |
| Trend Micro | InterScan Web Security Suite | Proxy |
| Trend Micro | OSSEC | Security |
| Tripwire | Tripwire Enterprise | Database |
| Tripwire | Tripwire For Server | Database |
| Trustwave | Network Access Control | Network / Infrastructure |
| Trustwave | WebDefend | Proxy |
| Trustwave | Data Loss Prevention | Security |
| Tufin | SecureTrack | Firewall |
| Type80 Security Software | SMA_RT | OS |
| UNIX | Linux | OS |
| VanDyke Software | VShell | Applications |
| Vericept | Content 360 | Applications |
| VMware | VMware | Applications |
| VMware | AirWatch | Network / Infrastructure |
| Voltage Security | SecureData Enterprise | Security |
| Vormetric | Data Security | Applications |
| Wallix | Admin Bastion | Network / Infrastructure |
| WatchGuard Technologies | Firebox and X Series | Firewall |
| Wave Systems Corp | Safend Protector | Security |
| Websense | Websense | Proxy |
| Wurldtech | OpShield | Firewall |
| Xirrus | 802.11abgn Wi-Fi Arrays | Network / Infrastructure |
| Yubico | YubiKey | Identity Services |
| Zenprise | Secure Mobile Gateway | Security |
| ZeroFOX | ZeroFOX | Applications |
| Zscaler | Nanolog Streaming Service (NSS) | Proxy |
MITRE ATT&CK-Konformität
MITRE ATT&CK ist eine Wissensdatenbank mit einem Modell des Verhaltens eines Cyber-Angreifers, das die verschiedenen Phasen des Angriffslebenszyklus je nach Zielplattform widerspiegelt: Windows, Mac, Linux, Mobilgeräte, usw.
Entdecken Sie die Kompatibilität von TEHTRIS XDR mit MITRE ATT&CK
tag der Bereitstellung von TEHTRIS SIEM
monatelange Aufbewahrung der Protokolle
länder, in denen unsere Technologien eingesetzt werden
Bewahren Sie die Souveränität und Integrität Ihrer Daten
Seit 2010 innoviert und verbessert TEHTRIS seine Cyber Defense Lösung durch die verschiedenen Module der TEHTRIS XDR Platform.
Wählen Sie den europäischen Marktführer für Cybersicherheit!
FAQ
Is it a SIM or a SEM or a SIEM?
TEHTRIS SIEM combines security information management (SIM) and security event management (SEM). This is a perfect SIEM.
How do you collect the logs?
TEHTRIS SIEM includes an enhanced SIM sub-system, in charge of the collection of all the events from your infrastructure, the normalization of complex heterogeneous data, and the retention of your data inside a hardened storage.
How do you interpret the logs?
TEHTRIS SIEM comes with an advanced SEM subsystem that acts as its brain. The latter has an intelligence layer to sort out data, select what is relevant and aggregate events in order to detect very complex attacks. Thanks to its internal correlation engine, TEHTRIS SIEM delivers scenario-based analyses.
Can we use your SIEM to carry out forensic investigations?
TEHTRIS SIEM can smartly gather and keep your data for months, allowing your company to conduct Digital Forensic or Incident Response operations. Exporting your logs to a TEHTRIS SIEM appliance limits the risk associated with the loss of activity evidence from the system, application and infrastructure layers. In the event of an intrusion, attackers would no longer be able to erase their fingerprints from the logs, enabling you to follow the progress of the attack thanks to TEHTRIS XDR Platform. In addition, post-incident analysis of archived raw logs can simplify forensic operations against complex attacks like identity theft, internal bounces and malicious elements.
Does TEHTRIS SIEM come with correlation rules and can it be used from day one?
When TEHTRIS SIEM is delivered, it comes with more than 500 built-in rules, linked to IT environment standards. For example, you already have everything for your operating systems (Windows, Linux, etc.). TEHTRIS SIEM is thus closely intertwined with the TEHTRIS XDR Platform, making it a plug-and-play, intuitive and efficient tool to boost your threat hunting campaigns.
When it comes to logs and events, what can actually be collected?
TEHTRIS SIEM centralizes and organizes the management of all security logs: events and logs of systems, applications and network or security equipment. Once collected, archived and encrypted, these elements are analyzed through the correlation engine to detect suspicious activities and report alerts in all traditional business environments such as Windows, Unix, cloud, firewalls, proxies, etc.
Does TEHTRIS SIEM give you a more local or global view?
Not only does TEHTRIS SIEM take into account what is happening on a single machine, but it can also monitor your entire system environment, complete with its complexities and all its interactions. This allows you to keep control of your assets by getting a clear view of the inside of your network. With the TEHTRIS SIEM and thanks to the cyber threat intelligence provided by the TEHTRIS XDR Platform, you can also keep an eye on what’s happening outside your network and know where threats are coming from.
Can abnormal behaviors and anomalies be detected?
TEHTRIS SIEM can detect abnormal behaviors and trigger qualified alerts in real time to your SOC response team. It makes sense of an unlimited stream of heterogeneous event logs from various source devices, products and sensors, to present your analysts with only relevant and actionable information.
We already have a SIEM solution and we would like use TEHTRIS SIEM to upgrade our cybersurveillance, but can it be integrated into our current setup?
TEHTRIS SIEM can easily replace your current SIEM solution. All you have to do is share your current diagrams with us, and we will come up with several easy options to look into. To facilitate your migration, there can be a transition phase with two co-existing SIEM solutions.
* © 2020 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
** Gartner and Market Guide are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner Market Guide for Extended Detection and Response, Craig Lawson, Peter Firstbrook, Paul Webber, 8 November 2021
TEHTRIS recognized as a Representative Vendor in the 2021 Market Guide for Extended Detection and Response.
Craig Lawson, Peter Firstbrook, Paul Webber, 8 November 2021
Gartner Innovation Insight for Unified Endpoint Security, Rob Smith, Dionisio Zumerle, 12th November 2020,
Gartner Market Guide for Mobile Threat Defense, Dionisio Zumerle, Rob Smith, 29th March 2021,
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.
