It supports the automatic analysis, filtering, enrichment, content interpretation and normalization of logs from hundreds of common devices from domestic and foreign vendors, and accepts various inputs such as Syslog, DB, SNMP, Netflow, API interfaces, mirrored traffic and files.
Through full-traffic detection technology, the platform can reconstruct dozens of network protocols to accurately detect compromised hosts, network intrusions, viruses, abnormal traffic, DDoS attacks and so on.
The platform takes advantage of the QAX proprietary intelligence base and self-developed technologies, matching massive volumes of threat intelligence to generate valuable compromise alerts, and also uses correlation analysis and log matching to handle various scenarios.
The platform is equipped with SABRE, a distributed streaming correlation analysis engine, which provides multi-source data correlation analysis, flexible threat modeling and rich context information display capabilities to help improve the accuracy of threat detection.
Through analysis from the macro to the micro level, based on the SIEM's powerful data query and correlation analysis capabilities combined with rich BI components, threats are presented on the security dashboard from the perspective of security personnel.
Recent, frequently queried data is kept in hot data mode storage, so overall data search supports second-level retrieval over data sets at the 10-billion-record scale.
QAX SIEM can agilely configure coordinated response actions and automate the response strategy against various cyber attacks. For more complex security incidents, QAX SIEM can send incident information to SOAR, which executes playbooks according to user-defined orchestration. With SOAR, the solution empowers clients to complete the "last mile" of operational work successfully.
By combining asset value, vulnerability information and threat information, a risk assessment of all network assets is carried out and the risk indicators are quantified, helping users better understand and control security risks and providing strong support for security decision-making.
Through preset dashboards, reports, views and themed situational large screens, the network security situation can be displayed visually from different angles to meet the needs of communication, reporting and decision-making assistance.
QAX SIEM is based on the big data technology architecture, which successfully solves the problems of massive data acquisition, storage and calculation. The data retrieval module of the analysis platform uses distributed computing and search engine technology to process all data, and can establish clusters through multiple devices to ensure the supply of storage space and computing power.
QAX SIEM is equipped with SABRE, a distributed correlation analysis engine, which comes preset with 1000+ correlation analysis rules and 100+ supported semantics. Its machine-learning-based DGA detection technology has a detection accuracy of 99.94%. Through full-traffic detection technology, the platform can reconstruct dozens of network protocols and accurately detect compromised hosts, network intrusions, network viruses, abnormal traffic, DDoS attacks, etc.
With the support of a strong basic big data architecture and the strong detection capability of the distributed streaming engine, QAX SIEM has established a complete support system for the threat disposal and response process. Users can manage the whole life cycle of security data through the platform, forming a closed-loop security operation capability covering threat discovery, threat analysis, response and disposal, and continuous monitoring.
QAX Group has a full-time product operation service team, which can provide on-site security operations, managed security services/managed detection and response, operation consultation and operation technology training services to help customers improve efficiency, demonstrate the value of security operations and solve the practical difficulties of personnel shortage.