AlienVault Unified Security Management™ (USM) provides full function Security Information and Event Management (SIEM) and log management software capabilities, with the added advantage of integrated host and network IDS, netflow analysis, and vulnerability assessment for complete security monitoring. SIEM solutions include log management, event management, correlation, and more sophisticated reporting than purpose-built log management products. Both have value in the worsening threat landscape.
System Compromise – Behavior indicating a compromised system.
Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
Reconnaissance & Probing – Behavior indicating a bad actor attempting to discover information about your network.