Tenable Solutions

SIEM

Tenable Network Security's Unified Security Monitoring strategy for compliance and security monitoring surpasses traditional Security Information and Event Management (SIEM) concepts. Tenable's SIEM technology collects all logs, software activity, user events and network traffic. All data is analyzed for correlated events and impact on compliance. Event context about any system is provided by Tenable Nessus vulnerability and configuration scans or real-time monitoring with the Tenable Passive Vulnerability Scanner.

Alerting

Configure and receive automatic alerts based on customized event thresholds.

Event Correlation

Multiple forms of event correlation are available for all events, including detecting statistical anomalies, associating IDS events with vulnerabilities and alerting on first-time-seen events.

Log Normalization

Normalize, correlate and analyze user and network activity from log data generated by any device or application across the enterprise in a central portal.

User Monitoring

Monitor user activity. Events such as NetFlow, an IDS detection, a firewall log, a file access, a system error or a login failure can be associated with users for easy reporting and insider threat detection.

NetFlow Analysis

Each instance of the Tenable Log Correlation Engine includes agents for many different platform technologies, including NetFlow analysis. This enables collection of NetFlow traffic logs from routers, switches and other network devices.

Network Content Analysis

Analyze network content with the Tenable Passive Vulnerability Scanner, which monitors network traffic in real time. It produces an accurate vulnerability report and a real-time forensic log of network events such as shared files, DNS lookups and social network activity.