LogEase SOC (Security Operations Center)
The LogEase SOC (Security Operations Center) platform comprises key components including LogEase SIEM, UEBA, and SOAR. It is designed to detect, analyze, and respond to both external attacks and internal threats.
Log Management
Supports the collection and parsing of logs from a wide range of network/security devices, operating systems, databases, middleware, and business systems. Comes with over 200 built-in collection and parsing rules, and supports various data source formats such as Syslog, Kafka, and databases, ensuring seamless integration and immediate usability for devices from major vendors.
Threat Detection
Employs real-time detection engines and SPL (Search Processing Language) for complex event processing, and AI-driven analysis for threat and anomaly detection. Capable of detecting threats in seconds and enriching the context of security incidents by correlating with threat intelligence, vulnerability, asset, and identity information, thereby enhancing the accuracy of alerts and improving the efficiency of investigations and forensics.
Investigation and Analysis
Utilizes graph technology and SPL-powered threat hunting capabilities to rapidly analyze security incidents across network, endpoint, and cloud environments, enabling swift identification and tracking of suspicious attacks and internal anomalies.
Automated Response
Driven by SOAR (Security Orchestration, Automation, and Response), it integrates with a variety of security devices and systems (such as firewalls, Anti-DDoS, WAF, AD, and bastion hosts) to automate responses to detected security incidents, such as blocking malicious IPs or locking down suspicious accounts.
Security Operations Visualization
Provides dashboards, reports, and visual displays that help organizations quantify security risks and gain real-time insights into their security posture. Facilitates informed decision-making on security governance strategies through operational metrics and assists security operators in quickly analyzing and pinpointing security incidents, thus boosting overall operational efficiency.
Provided by:
Yottabyte Information Technology Co., Limited