CDACSIEM

A comprehensive security solution having a data aggregator which gathers immense amounts of log data from the entire networked environment, normalizes and applies analytics, as well as provides complete visibility of security to the SOC analyst. It is a centralized solution that enables detection  and allows for investigation while providing insight visibility.

To be more precise CDACSIEM aggregates, normalizes, stores, and applies analytics to the data to detect threats and generate alerts for remediation.

Salient Features

• Log Analysis and Management
  In log analysis, various tasks are undertaken, including aggregating logs, parsing them, executing searches, configuring alerts, and presenting the data through graphs or other data visualizations. Collection of near real-time data for varied sources, followed by labelling and categorization for a centralized storage system.    
• Asset discovery and management
  Creates a comprehensive inventory of all the assets to gain better visibility and control over the organization's IT environment.
• Automated Vulnerability Scanner
  To audit discovered assets based on OPWASP standards, discovering the known vulnerabilities.
• Threat Intelligence 
  Supports proprietary and open-source intelligence feeds to make the system robust and responsive to modern threats. C-DAC Honeypot and Cert-in Feed have also been integrated.
• Alert Triage and Prioritization
  Rules-based alerting serves the purpose of automatically reviewing and prioritizing alerts based on pre-defined criteria, aiming to focus on reviewing  the most crucial alerts.
  A criticality level is a categorization assigned to an alert, serving as an indication of its level of importance. This aids incident responders in swiftly identifying and prioritizing the most crucial alerts for a timely and effective response.
• Alert Correlation
  Alert correlation, which involves grouping alerts, is utilized to gain a deeper comprehension of the connections between alerts originating from various sources. This approach aims to consolidate multiple alerts into a single high-level incident for a more comprehensive view.
• Adherence to the MITRE ATT&CK® framework
  The ATT&CK framework is employed as a crucial lens, encompassing all 14 categories, consisting of 101 techniques, and incorporating 180 sub-techniques within its framework to identify the kill chain.
• TIP & Threat Hunting
  Valuable information from log sources facilitates the process of threat hunting, enabling the identification of concealed malware or attackers, and the detection of suspicious activity patterns. Building a TIP repository where in making information is consumable and shareable in a standardized format.
• Reporting and Dashboard
  Provides a simple and user-friendly dashboard to help SOC analysts understand and interpret the data.
• Complete visibility and compliance reporting
  The visibility aspect of CDACSIEM allows organizations to monitor user activities, track access to critical systems, and identify anomalies that could indicate unauthorized access or potential breaches. It helps security analysts gain insights into the overall security posture of the organization and respond proactively to emerging threats and aid in compliance efforts by generating comprehensive reports that demonstrate adherence to compliance regulations such as PCI-DSS, HIPAA, NIST, etc.
• Ticket Management System
  SOC analysts can raise the ticket through a robust ticket management system. Also, based on the confidence score of the IOC, and if it exceeds the set threshold value, a ticket is generated for immediate action or forwarded to the IR system.
• Knowledge base & dedicated resources for attacks 
  Our dedicated research team maintains a centralized and constantly updated repository of known attack patterns, threat indicators, and security vulnerabilities.
  This knowledge base is often sourced from various cybersecurity intelligence feeds, public databases, vendor advisories, and internal research.