Security information and event management (SIEM) solutions collect a range of security and other data from security controls and devices throughout the IT environment.
Early SIEM products focused on log management, but modern SIEM solutions help you correlate malware findings with context, user and application data, threat intelligence, and organizational information.
SIEM architectures provide advanced analytical tools and workflows to quickly inspect very large data sets, identify attacks, and help devise corrective actions.
Interrogating the data and identifying attacks requires two things: a system that can store and process the enterprise security telemetry, and a Business Intelligence (BI) tool that visualizes the collected data to derive statistics. The former need is met by Google's SIEM solution, Chronicle, and the latter by Looker, a BI tool that is now part of Google Cloud.
Crest Data Systems helped Chronicle create threat-summary dashboards in Looker and export them as Looker Blocks in the Looker Marketplace.
The business goal was to create enhanced insights through Looker visualizations with features such as threat geo maps, data trendlines, and period-over-period analysis. These display integrated and correlated views of UDM events, rule matches, ingestion metrics, and IOC matches, with drill-downs to the asset, user, IP address, domain, and more.
Dipika Mansukhani is a Senior Technical Lead at Crest Data Systems. She has 14+ years of experience in Big Data technologies such as Hadoop; NoSQL databases such as MongoDB and HBase; analytics solutions such as ELK; and Java, Python, and web services. Before joining Crest, Dipika worked as a Solutions Lead for Big Data solutions at her previous company and as a Team Lead for project delivery. She holds a Master's degree in Computer Applications from GLS University.