A comprehensive SIEM solution to

Highlights of SAVRUS

• Real-time data collection with an event flow over 300K EPS
• Full security visibility with 500+ integrations
• Simple connection of new event sources & Custom logs parser
• High speed: search over 100 TB logs database takes up to 5 seconds
• 2 types of correlation analisis: real-time & scheduled correlation
• Intuitive interface with simple log filtering and drill-down
• Incident investigation in 15 seconds
• System installation in 48 hours
• Reports from predefined templates that help comply with PCI DSS, GDPR, FISMA, HIPAA, SOX, and GLBA mandate
• Customized reports and dashboards with a simple user interface

Architecture

Figure 1. SAVRUS Architecture

Connectors and collection module

• Collection and primary processing of events from log sources
• Normalization, filtering and categorization
• Routing and data caching

Event storage

• High performance storage of events and incidents
• Partition management
• Backup
• High availability mode

Control and analysis

• System resources and service procedures storage
• Active channels, active lists, visualization elements and reports management
• SAVRUS components health monitoring
• Intelligance data processing

Correlation module

• Real-time correlation
• Scheduled correlation and retrospective analysis

Consol

• SAVRUS system components and settings management
• Active channels and incident investigation
• Detecting, filtering and grouping events
• Custom templates & visualization

Interface

Figure 2. Active channel

Figure 3. Active channel with dashboards

Figure 4. Dashboard