Thanks to the new update it is now possible to configure scripts in the system’s interface, which initiate automated response in case of an incident detection. In the scripts editor, which is built-in the SearchInform SIEM, an information security officer can add any action script, which SIEM will comply with in order to eliminate the threat.

 “The new functionality which is not typical for SIEM class solutions was added to the SearchInform SIEM. The system now not only deals with the basic tasks of events flow processing and threat detection, but also eliminates them automatically. In case the system detects suspicious events, it prevents an incident according to the security policies and an information security officer receives a notification about the incident. In case some critical activities occur in the customer’s infrastructure, the SIEM-solution will respond specifically. For instance, in case a massive files encryption process is activated the SIEM system will activate the antivirus program response (scanning, deleting of files or removing of malware to the sandbox)” – told the leading analyst at SearchInform Alexey Parfentiev.

The SearchInform SIEM updated functionality enables to automatize information security officer actions and eases the process of solving monotonous tasks, for instance, in case it is required to block a compromised account in all the environments.