/ TEHTRIS SIEM
Security Information & Event Management

Centralize and organize the management of all the logs in your environment: events from systems, applications, network or security devices.

Get better insights from your security alerts

Integrated with the TEHTRIS XDR Platform, TEHTRIS SIEM enables real-time incident detection and response and automation of SOC services to provide insightful overviews and intelligent alerts, making it easier for your security operations center response team.

Make the right decisions with intelligent data correlation.

TEHTRIS SIEM takes into account what is happening on the machine and beyond. By monitoring your entire environment and its interactions, the solution keeps your assets under control and gives you unique visibility into the network. It interprets massive streams of heterogeneous events looking for anomalous behavior, and provides qualified alerts to the SOC in real time.

Why TEHTRIS SIEM?

Pictogramme : Checklist

CORRELATIONS

TEHTRIS SIEM comes with several hundred correlation rules that can be activated for all the major classic sources of an infrastructure: Windows, Antivirus, Authentication, etc.

Pictogramme CTI Sécurité: Cadenas

SECURITY

TEHTRIS SIEM runs on appliances using the TEHTRIX distribution with full disk encryption, advanced RBAC protection mechanisms in the kernel and anti-0-day protections.

Pictogramme : Rocket TEHTRIS

INCREASED POWER

TEHTRIS SIEM is fully and natively integrated with the TEHTRIS XDR Platform with tools for CTI, Hunting, Compliance, incident management, etc.

Pictogramme Virus barré avec un chrono affichant 0 secondes

HYPER AUTOMATION

TEHTRIS SIEM is directly connected to the integrated SOAR of the TEHTRIS XDR Platform, simplifying the cost, maintenance and integration of these technologies in an efficient and worry-free manner, despite the sophistication of the solutions.

Pictogramme : Clé avec de sliens à l'intérieur

SIMPLICITY

TEHTRIS has drastically simplified the complexity of SIEM projects with an operated mode offer, from deployment to operational maintenance.

Pictogramme : Nuage avec une médaille étoilée dessus

CLOUD & ON-PREMISE

Benefit from a flexible architecture. TEHTRIS SIEM can be deployed in Cloud and On-premise modes, or in a hybrid of the two. Control the location of data, even in a multi-cloud environment.

Le TEHTRIS EDR s'intègre parfaitement à la solution cybersécuritaire ultime de TEHTRIS : la XDR Platform

Perfectly integrated
in the XDR Platform

When it comes to cybersecurity, orchestrating events and reacting to threats effectively and quickly is a fundamental challenge. One of the best ways to do this is with powerful automation and artificial intelligence. That’s what TEHTRIS offers with its SOAR integrated with the TEHTRIS XDR Platform.

Discover how we create hyper automation!

Supported platforms

Vendors Products Families
A10 Networks Load Balancer Network / Infrastructure
Accellion Secure File Transfer Security or Network
Access Layers Portnox Network / Infrastructure
Adtran NetVanta Network / Infrastructure
Adtran Bluesocket Network / Infrastructure
AirTight Networks SpectraGuard Network / Infrastructure
Alcatel-Lucent NGN Switch Network / Infrastructure
Alcatel-Lucent VitalQIP Proxy
Amazon Amazon S3 Cloud
American Power Conversion Uninterruptible Power Supply Network / Infrastructure
Ansible Ansible Applications
Apache Software Foundation Apache Web Server Network / Infrastructure
Apple Inc. Mac OS X OS
Arbor Networks Peakflow SP Security
Arbor Networks Peakflow X Security
Arbor Networks Pravail NIDS
ArcSight Common Event Format Security
Aruba Aruba OS OS
Aruba ClearPass Network / Infrastructure
Attivo Networks BOTsink Security
Axway SecureTransport Proxy
Balabit Balabit Identity Services
Barracuda Networks Spam Firewall Firewall
Barracuda Networks Web Application Firewall Firewall
Barracuda Networks Barracuda Web Filter Security
BeyondTrust BeyondInsight Security
Bit9 Bit9 Security Platform / Parity Suite Antivirus/EPP
Bit9 Carbon Black Security
Blue Coat Reporter Applications
Blue Coat Director Network / Infrastructure
Blue Coat ProxySG Proxy
Blue Ridge Networks BorderGuard Firewall
BlueCat Networks BlueCat DNS/DHCP Server Network / Infrastructure
Bradford Networks Campus Manager Network / Infrastructure
Bro Network Security Monitor Bro Network Security Monitor Network / Infrastructure
Brocade IronView Network Manager Network / Infrastructure
Brocade BigIron FastIron and NetIron Network / Infrastructure
Brocade VDX Switch Network / Infrastructure
CA Technologies DataMinder Security
CA Technologies SiteMinder Network / Infrastructure
Check Point Check Point via Splunk Firewall
Cisco Unified Communications Applications
Cisco IronPort Email Security Email Security
Cisco PIX/ASA/FWSM Firewall
Cisco Open TACACS+ Identity Services
Cisco NAC Appliance Network / Infrastructure
Cisco MDS Network / Infrastructure
Cisco Wireless Control System Network / Infrastructure
Cisco Wireless LAN Controller Network / Infrastructure
Cisco Meraki Network / Infrastructure
Cisco WAP200 Network / Infrastructure
Cisco Firepower Management Center Network / Infrastructure
Cisco Identity Services Engine Network / Infrastructure
Cisco Firepower Management Center NIDS
Cisco Secure ACS NIDS
Cisco IOS OS
Cisco NX-OS OS
Cisco CATOS v7xxx OS
Cisco Unified Computing System Proxy
Cisco WAAS Proxy
Cisco IronPort Web Security Appliance Proxy
Citrix NetScaler Proxy
Citrix Secure Gateway Proxy
Cluster Labs Pacemaker Applications
Code Green TrueDLP Data Loss Prevention Security
Cofense Cofense Intelligence Security
Cofense Cofense Triage Email Security
Cooper Power Systems Yukon IED Manager Suite Applications
Cooper Power Systems Cybectec RTU Network / Infrastructure
Corero Corero IPS NIDS
Corvil Security Analytics Security
CyberArk Enterprise Password Vault Applications
CyberArk Privileged Identity Management Suite Applications
CyberArk Privileged Threat Analytics Security
Cyberoam Cyberoam UTM and NGFW Firewall
Cylance CylancePROTECT Antivirus/EPP
Cyrus Cyrus IMAP and SASL Email Security
D-Link NetDefend UTM Firewall Firewall
Damballa Failsafe Antivirus/EPP
Dell SonicOS Firewall
Dell PowerConnect Switches Network / Infrastructure
Dell Aventail VPN
DenyAll rWeb Firewall
DG Technology - InfoSec Mainframe Event Acquisition System OS
Digital Guardian Digital Guardian Platform Security
Econet Sentinel IPS NIDS
EdgeWave iPrism Web Security Proxy
Enforcive Cross-Platform Audit OS
Enterasys Networks Enterasys N and S Switches Network / Infrastructure
Enterasys Networks Enterasys Network Access Control Network / Infrastructure
Enterasys Networks Dragon IPS NIDS
Entrust IdentityGuard Applications
Epic Clarity Applications
Ergon Airlock WAF Firewall
Exabeam Exabeam UEBA Security
Extreme Networks ExtremeWare XOS OS
F5 Networks BIG-IP Access Policy Manager Proxy
F5 Networks BIG-IP Application Security Manager Firewall
F5 Networks BIG_IP Local Traffic Manager Proxy
F5 Networks Firepass SSL VPN VPN
Fidelis Fidelis XPS Network / Infrastructure
FireEye FireEye Malware Protection System Antivirus/EPP
Fluke Networks AirMagnet Enterprise Network / Infrastructure
Force10 Networks FTOS Network / Infrastructure
ForeScout CounterACT Network / Infrastructure
ForeScout CounterACT CEF Network / Infrastructure
Fortinet FortiGate UTM Firewall
Fortinet FortiManager Firewall
Fortinet FortiWeb Web Application Firewall Firewall
Fortinet FortiAuthenticator Identity Services
Fortscale Fortscale UEBA Security
FreeRADIUS FreeRADIUS Identity Services
Fujitsu IPCOM Firewall
Generic source of logs Standard Syslog Norms Applications
Gigamon GigaVUE Network / Infrastructure
GitHub GitHub Enterprise Applications
Global Technology Associates GNAT Box Firewall
Good Technology Good Mobile Control Applications
Google Search Appliance Applications
Gurucul Gurucul Risk Analytics Security
HBGary Active Defense Security
Hewlett-Packard Virtual Connect Applications
Hewlett-Packard ProCurve Network / Infrastructure
Hewlett-Packard 3Com Switches Network / Infrastructure
Hewlett-Packard OpenVMS OS
Hewlett-Packard LaserJet Printers Applications
Hitachi ID Systems Identity and Access Management Suite Identity Services
HP Tipping Point IPS
HyTrust HyTrust CloudControl Network / Infrastructure
IBM WebSphere DataPower SOA Appliances Applications
IBM Guardium Security
IBM Tivoli Endpoint Manager OS
IBM Proventia GX NIPS
IBM UDB Database
Imperva WAF/DAM Firewall
Infoblox NIOS OS
InterSect Alliance Snare for AIX Applications
InterSect Alliance Snare for Solaris Applications
InterSect Alliance Snare for Windows Applications
Interset Interset Security
Invincea Enterprise Security
Ipswitch WS_FTP Applications
Itron Itron Enterprise Edition Applications
Juniper Networks Steel Belted Radius Identity Services
Juniper Networks JUNOS - Structured-Data Format Applications
Juniper Networks JUNOS Router Network / Infrastructure
Juniper Networks NetScreen / IDP Network / Infrastructure
Juniper Networks Network and Security Manager Network / Infrastructure
Juniper Networks Juniper Secure Access/MAG VPN
Juniper Networks Secure Access version 7 VPN
Kaspersky Kaspersky Security
KEMP Technologies LoadMaster Network / Infrastructure
Kerio Technologies Kerio Control Firewall
Lancope StealthWatch NIDS
Lastline Lastline Enterprise Firewall
Legacy Informant NIDS
Lieberman Enterprise Random Password Manager Applications
Locum RealTime Monitor Applications
LOGbinder LOGbinder for SharePoint (SP) Applications
LOGbinder LOGbinder for Exchange (EX) Applications
LOGbinder LOGbinder for SQL Server (SQL) Applications
Lumension Bouncer Applications
Lumension Bouncer Applications
Lumension Device Control Endpoint Manager Security Suite Security
MailGate Ltd. MailGate Server Applications
Malwarebytes Breach Remediation Antivirus/EPP
Malwarebytes Management Console Antivirus/EPP
McAfee Endpoint Protection Antivirus Antivirus/EPP
MEDITECH Caretaker Applications
Microsoft Exchange Email Security
Microsoft SharePoint Applications
Microsoft Windows Event Log OS
Microsoft Active Directory OS
Microsoft Office 365 Cloud
Microsoft Azure Cloud Cloud
Microsoft Advanced Threat Analytics Security
Microsoft Windows Defender Security
Microsoft Windows DNS/DHCP Network / Infrastructure
Motorola AirDefense Network / Infrastructure
MySQL MySQL Database
NetApp Data ONTAP Network / Infrastructure
NetApp DataFort Network / Infrastructure
NetFort Technologies LANGuardian Applications
NetIQ Security Manager Network / Infrastructure
NetIQ Sentinel Log Manager Network / Infrastructure
NetWitness Spectrum Antivirus/EPP
NetWitness Informer Applications
Niara Niara Security
Niksun NetDetector Applications
Nortel Networks Contivity VPN Network / Infrastructure
Nortel Networks Passport 8000 Series Switches Network / Infrastructure
Nortel Networks VPN Gateway 3050 VPN
Novell eDirectory Applications
Novell Identity and Access Management Identity Services
Okta Okta SSO Network / Infrastructure
OpenVPN OpenVPN VPN
Oracle Oracle Audit Database
Oracle Audit Vault and Database Firewall Database
Oracle Directory Server Enterprise Edition Identity Services
Oracle Solaris Basic Security Module - BSM OS
Oracle WebLogic Applications
Osiris Host Integrity Monitor OS
Palo Alto Networks Palo Alto Firewalls Firewall
Postfix Postfix Applications
PostgreSQL PostgreSQL Database
PowerTech Interact OS
Prevoty Prevoty Security
Proofpoint Messaging Security Gateway Applications
Radware AppWall Firewall
Radware AppDirector Network / Infrastructure
Radware LinkProof/FireProof Network / Infrastructure
Radware DefensePro NIDS
Raytheon SureView Applications
Raz-Lee Security iSecurity Suite Applications
Red Hat JBoss / WildFly v8 Applications
RedSeal Networks RedSeal 6 Security
ReversingLabs N1000 Network Security Appliance NIDS
RioRey DDoS Protection Firewall
Riverbed Steelhead Security
RSA Authentication Manager Identity Services
SafeNet Hardware Security Modules Security
SalesForce SalesForce Cloud Network / Infrastructure
SAP SAP Applications
Savant Protection Savant Antivirus/EPP
Secure Crossing Zenwall Applications
SecureAuth IEP SSO Identity Services
Sentrigo Hedgehog Database
Skycure Skycure Enterprise Network / Infrastructure
Skyhigh Networks Cloud Security Platform Security
SnapLogic SnapLogic Network / Infrastructure
Software Product Research DB2 Access Recording Services DBARS Database
Sonus GSX Network / Infrastructure
Sophos Email Security and Data Protection Email Security
Sophos UTM & Next-Gen Firewall Firewall
Sophos Web Security and Control Proxy
SourceFire SourceFire NS/RNA NIDS
Squid Squid Proxy
SSH Communications Security CryptoAuditor Identity Services
STEALTHbits StealthINTERCEPT NIDS
StillSecure Strata Guard NIDS
Stormshield Stormshield Security
Symantec Endpoint Protection Antivirus/EPP
Symantec Symantec Messaging Gateway Email Security
Symantec PGP Universal Server Applications
Symantec Symantec Web Gateway Proxy
Symantec Symantec Data Loss Prevention Security
Synology DiskStation Manager Applications
Systancia Ipdiva Secure VPN
Tenable Tenable Nessus Network / Infrastructure
ThreatConnect Threat Intelligence Platform Security
Thycotic Secret Server Identity Services
TippingPoint UnityOne NIDS
TippingPoint SMS Security
Tofino Security Tofino Firewall LSM Firewall
Topia Technology Skoot Applications
Townsend Security AS/400 OS
Trapezoid Trust Control Suite Security
TrapX Security DeceptionGrid Security
Trend Micro Deep Discovery Antivirus/EPP
Trend Micro Deep Security Antivirus/EPP
Trend Micro Deep Security Manager Antivirus/EPP
Trend Micro InterScan Web Security Suite Proxy
Trend Micro OSSEC Security
Tripwire Tripwire Enterprise Database
Tripwire Tripwire For Server Database
Trustwave Network Access Control Network / Infrastructure
Trustwave WebDefend Proxy
Trustwave Data Loss Prevention Security
Tufin SecureTrack Firewall
Type80 Security Software SMA_RT OS
UNIX Linux OS
VanDyke Software VShell Applications
Vericept Content 360 Applications
VMware VMware Applications
VMware AirWatch Network / Infrastructure
Voltage Security SecureData Enterprise Security
Vormetric Data Security Applications
Wallix Admin Bastion Network / Infrastructure
WatchGuard Technologies Firebox and X Series Firewall
Wave Systems Corp Safend Protector Security
Websense Websense Proxy
Wurldtech OpShield Firewall
Xirrus 802.11abgn Wi-Fi Arrays Network / Infrastructure
Yubico YubiKey Identity Services
Zenprise Secure Mobile Gateway Security
ZeroFOX ZeroFOX Applications
Zscaler Nanolog Streaming Service (NSS) Proxy
Titre MITRE ATTACK

MITRE ATT&CK compliance

MITRE ATT&CK is a knowledge base with a model of the behavior of a cyber attacker, reflecting the different phases of the attack life cycle according to the targeted platforms: Windows, Mac, Linux, mobile, etc.

Discover the compatibility of TEHTRIS XDR with MITRE ATT&CK

1

day to deploy TEHTRIS SIEM

6

months of log retention

100

countries where our technologies are deployed

Data Center, sauter vers le TEHTRIS EDR c'est faire le pari d'avoir une entreprise mieux protégée contre les cyberattaques

Take the leap to a more secure business.

Since its creation in 2010, TEHTRIS innovates and completes its defensive arsenal, through the different modules of the TEHTRIS XDR Platform.

Opt for a truly pragmatic management of modern threats.
Detect silent intrusion campaigns and regain control over all attack vectors.

FAQ

TEHTRIS SIEM combines security information management (SIM) and security event management (SEM). This is a perfect SIEM.

TEHTRIS SIEM includes an enhanced SIM sub-system, in charge of the collection of all the events from your infrastructure, the normalization of complex heterogeneous data, and the retention of your data inside a hardened storage.

TEHTRIS SIEM comes with an advanced SEM subsystem that acts as its brain. The latter has an intelligence layer to sort out data, select what is relevant and aggregate events in order to detect very complex attacks. Thanks to its internal correlation engine, TEHTRIS SIEM delivers scenario-based analyses.

TEHTRIS SIEM can smartly gather and keep your data for months, allowing your company to conduct Digital Forensic or Incident Response operations. Exporting your logs to a TEHTRIS SIEM appliance limits the risk associated with the loss of activity evidence from the system, application and infrastructure layers. In the event of an intrusion, attackers would no longer be able to erase their fingerprints from the logs, enabling you to follow the progress of the attack thanks to TEHTRIS XDR Platform. In addition, post-incident analysis of archived raw logs can simplify forensic operations against complex attacks like identity theft, internal bounces and malicious elements.

When TEHTRIS SIEM is delivered, it comes with more than 500 built-in rules, linked to IT environment standards. For example, you already have everything for your operating systems (Windows, Linux, etc.). TEHTRIS SIEM is thus closely intertwined with the TEHTRIS XDR Platform, making it a plug-and-play, intuitive and efficient tool to boost your threat hunting campaigns.

TEHTRIS SIEM centralizes and organizes the management of all security logs: events and logs of systems, applications and network or security equipment. Once collected, archived and encrypted, these elements are analyzed through the correlation engine to detect suspicious activities and report alerts in all traditional business environments such as Windows, Unix, cloud, firewalls, proxies, etc.

Not only does TEHTRIS SIEM take into account what is happening on a single machine, but it can also monitor your entire system environment, complete with its complexities and all its interactions. This allows you to keep control of your assets by getting a clear view of the inside of your network. With the TEHTRIS SIEM and thanks to the cyber threat intelligence provided by the TEHTRIS XDR Platform, you can also keep an eye on what’s happening outside your network and know where threats are coming from.

TEHTRIS SIEM can detect abnormal behaviors and trigger qualified alerts in real time to your SOC response team. It makes sense of an unlimited stream of heterogeneous event logs from various source devices, products and sensors, to present your analysts with only relevant and actionable information.

TEHTRIS SIEM can easily replace your current SIEM solution. All you have to do is share your current diagrams with us, and we will come up with several easy options to look into. To facilitate your migration, there can be a transition phase with two co-existing SIEM solutions.

News about TEHTRIS SIEM

Legal notice
* © 2020 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
*** The GARTNER PEER INSIGHTS Logo is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.
« Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates »