- 07 Jul 2023
SIEM
- Updated on 07 Jul 2023
Service Overview
Expedient SIEM is a powerful platform that provides the infrastructure and interface to allow clients to quickly detect and investigate security incidents so their security team can plan an effective response. Expedient maintains the hardware platform, software updates, licensing, and ongoing maintenance as a managed service so clients can focus on the security posture of their environment and not the platform monitoring it. Clients have full access to view and create dashboards, create custom alerts, and integrate operating system and application logs and events to gain full visibility into their security posture.
Service Features
- Pay per endpoint
- Dedicated instance
- Monitor security across any cloud or platform
- Powerful out-of-the-box dashboards
- Integrated with other Expedient services
- Guided dashboard creation
- Customized retention options
Default Deployment Settings
- Dedicated instance
- 30 days of retention
- Longer retention is available via object storage
- Default set of dashboards
Use Cases
- Security monitoring and alerting
- Event management
- Security log analysis
- Cloud security monitoring
- Application security monitoring
- Operating system security log analysis
Responsibility and Accountability Matrix
SIEM Responsibility Matrix

Task | Expedient | Client | Co-Managed | Co-Managed tasks can be performed by Expedient or Client based on Client's preference |
---|---|---|---|---|
Platform | | | | |
Procure, Install, Configure, Manage and Maintain Hardware | X | | | |
Procure, Install, Configure, Manage and Maintain Software | X | | | |
Capacity Management & Reporting | X | | | |
Management Console User and Access Management | | | X | |
Management | | | | |
Install Agents - Windows | | | X | Expedient will assist with agent installs |
Configure Agents - Windows | | | X | |
Install Agents - Linux | | | X | Expedient will assist with agent installs |
Configure Agents - Linux | | | X | |
Monitoring | | | | |
Deploy standard dashboards | X | | | Expedient creates default dashboards for Expedient services and operating system monitoring. Clients can create additional dashboards to meet more specific needs. |
Create custom dashboards | X | | | |
Configure Expedient service integrations | X | | | Expedient will configure all integrations with Expedient services |
Configure third party/external integrations | X | | | |
Monitoring and alerting for alarm thresholds | | X | | Expedient will create a set of default alarms; clients can create custom alerts and modify default alerts as necessary |
Troubleshoot alerts | | | X | Expedient services are limited to tasks with the operating system, monitoring agent, and Expedient services. Clients are responsible for application-level troubleshooting. |
Supported Platforms
Applications/Platforms Supported |
---|
Expedient Services |
Guest Operating Systems |
Physical Servers |
Hyperscale Cloud |
On-Premises Workloads |
Unsupported Platforms
Applications/Platforms Not Supported |
---|
Operating Systems |