Integration with Logstash
Logstash is one of the original components of the Elastic Stack, and is used to parse, enrich and process data. i-SIEM uses Logstash to ingest logs of all sizes, formats and sources.
On top of the standard Logstash enrichments, empow’s i-SIEM adds high-quality threat enrichments based on our UEBA, NTA and NLP processes, which digest constant feeds of Threat Intelligence information. empow’s proprietary classification technologies enrich security alert logs, user activity logs and network traffic logs; all of this information is transformed into one common schema, the Elastic Common Schema (ECS).
That means that i-SIEM adds its own attacker intent enrichment during the ingestion stage (using MITRE terminology) that gives each log a security context, making it easily searchable by security analysts.
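To make the ingestion-stage step concrete, the following is an added illustration (not empow's code and not the i-SIEM pipeline): a raw IDS-style alert is renamed into nested ECS objects and then enriched with MITRE ATT&CK tactic and technique fields from a lookup table. The raw field names, the rule ids and the lookup table are constructed for this example; unmapped rules are tagged rather than guessed.

```python
"""Added example: ECS normalisation plus MITRE ATT&CK enrichment at ingest time.
Raw field names, rule ids and the lookup table below are constructed."""
from typing import Any, Dict

# Raw-field -> ECS dotted-field mapping (constructed; real sources differ)
ECS_RENAMES = {
    "ts": "@timestamp",
    "src_ip": "source.ip",
    "dst_ip": "destination.ip",
    "sid": "rule.id",
    "signature": "rule.name",
}

# Constructed lookup from a vendor rule id to an ATT&CK tactic and technique.
ATTACK_BY_RULE_ID = {
    "900001": {"tactic": ("TA0043", "Reconnaissance"),
               "technique": ("T1595", "Active Scanning")},
    "900002": {"tactic": ("TA0006", "Credential Access"),
               "technique": ("T1110", "Brute Force")},
}

def set_path(doc: Dict[str, Any], dotted: str, value: Any) -> None:
    """Write value at a dotted ECS path, creating nested objects as needed."""
    parts = dotted.split(".")
    cur = doc
    for part in parts[:-1]:
        cur = cur.setdefault(part, {})
    cur[parts[-1]] = value

def to_ecs(raw: Dict[str, Any]) -> Dict[str, Any]:
    """Rename known raw fields into ECS; park unknown ones under a custom namespace."""
    doc: Dict[str, Any] = {"event": {"kind": "alert", "category": ["intrusion_detection"]}}
    for key, value in raw.items():
        set_path(doc, ECS_RENAMES.get(key, f"vendor_raw.{key}"), value)
    return doc

def enrich_attack(doc: Dict[str, Any]) -> Dict[str, Any]:
    """Add ECS threat.tactic / threat.technique fields; tag rules with no mapping."""
    hit = ATTACK_BY_RULE_ID.get(str(doc.get("rule", {}).get("id", "")))
    if hit is None:
        doc.setdefault("tags", []).append("attack_unmapped")
        return doc
    set_path(doc, "threat.framework", "MITRE ATT&CK")
    set_path(doc, "threat.tactic.id", hit["tactic"][0])
    set_path(doc, "threat.tactic.name", hit["tactic"][1])
    set_path(doc, "threat.technique.id", hit["technique"][0])
    set_path(doc, "threat.technique.name", hit["technique"][1])
    return doc

def ingest(raw: Dict[str, Any]) -> Dict[str, Any]:
    """Full ingest step: normalise to ECS, then enrich with attacker intent."""
    return enrich_attack(to_ecs(raw))
```

Once indexed, analysts can search `threat.technique.id:T1595` across every source that went through the same step, regardless of the original log format.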
Integration with Elasticsearch
i-SIEM stores all the classified, enriched logs in Elasticsearch indices, creating a powerful data lake that includes security context and complete identity enrichment. More importantly, all attack stories and entities that are detected and prioritized by i-SIEM are stored in Elasticsearch. This allows the analyst to work much faster on the data, covering many more potential and real incidents.
Our tight and optimized integration with Elasticsearch provides a scale-out architecture with full redundancy, which is especially important for security data lakes because of the massive volume of data ingestion and the required data retention.
Integration with Kibana
Beyond customizing your own dashboards and reports with Kibana, i-SIEM provides its own predefined Kibana dashboards, built to provide visibility into the environment and to interactively investigate any security use case. i-SIEM uses Canvas for reports, as well as exports to CSV, PDF and PNG. All Kibana X-Pack features such as machine learning, Graph, Watcher, security, etc. are also available for non-security needs.