الرئيس التنفيذي
أشرف الحادي

رئيس التحرير
فاطمة مهران

Extended AI capabilities and resource visualization: great new features provided by Kaspersky SIEM

 

 

To bolster the productivity and effectiveness of cybersecurity teams, Kaspersky has unveiled a significant update to its Security Information and Event Management (SIEM) solution. The enhanced platform provides a new AI module for faster and more effective alert triage, helps to visualize resource dependencies and enables extended search capabilities.

According to Verified Market Research, the SIEM market was valued at $5.21 billion in 2024 and is expected to reach $10.09 billion by 2031. Among the key factors that contribute to such growth are rising cyber threats, regulatory compliance regulations and demand for rapid threat detection. Businesses are searching for solutions that enable them to collect and analyze data in real time, significantly enhancing their situational awareness. To meet this demand, Kaspersky added new features to its SIEM, allowing cybersecurity professionals to detect threats more efficiently.

Kaspersky SIEM is a security operations center (SOC) platform based on an AI-powered technology stack and reinforced by world-leading Threat Intelligence. The platform collects log data and enriches it with contextual information and actionable threat intelligence to provide all the data needed for incident investigation and response, while enabling automated responses to alerts and threat hunting.

New AI module

Kaspersky SIEM features a new AI module that improves triage alerts and incidents by analyzing historical data, while AI-based risk scoring of assets provides valuable hypotheses for proactive searches.

This module analyzes how the characteristic of a particular activity is related to different assets – workstations, virtual machines, mobile phones, and so on. If an alert detected by the system as a result of event correlation is not typical for the asset on which it is detected, such a detection is marked in the interface with an additional status. Therefore, analysts can quickly see incidents that require immediate attention.

Data collection by the Kaspersky Endpoint Security agent

Previously, to collect data from workstations running Windows and Linux, it was necessary to install a SIEM agent on each station or configure data transmission to an intermediate host and then configure data exchange with the SIEM. Now, if the Kaspersky Endpoint Security agent is installed on the host, it can directly send data to the SIEM system. This data can be used for further event searches, analysis, and correlation. Thus, the additional step of installing and monitoring separate SIEM agents is eliminated for customers who already use Kaspersky products for endpoint security.

Resource dependencies graph and extended search capabilities

The platform also improved its search capabilities and now allows customers to visualize how resources (filters, rules, lists) are connected with each other. A resource dependencies graph featuring a hierarchical folder structure makes it easier to find the correct search query for large teams or multiple stored searches. Analysts can quickly and precisely locate relevant events or create “rolling window” reports by defining the start and finish timeframes for a search query or report. Storing search query history enables the user to access previous inquiries with ease.

Content versioning

Kaspersky SIEM stores the history of resource changes in the form of versions. A resource version is created automatically when an analyst creates a new resource or saves changes to parameters in an existing resource. Version storage simplifies interaction within analyst teams. For example, one team member can see any changes a colleague has made in a correlation rule, and if necessary, undo them.

Unique field mapping

With the updated platform, analysts can now add an array of specified field values from the correlation rule’s unique field section to a correlation event, thus saving time by eliminating the need to search through field values in underlying events.

Kaspersky SIEM also enables the addition of specific field values to an exception if an alert is identified as a false positive. Each correlation rule generates a separate exception list, allowing analysts to focus on critical alerts and quickly reduce correlation rule ‘noise’.

“As SIEM is one of the main tools for SOC teams and IT security departments, we do everything we can to make our platform easier to use. These new features mean businesses can react to events faster and with less effort. Also, we enhanced our Kaspersky SIEM by enriching it with connectors to event sources and correlation rules. Today, our out-of-the-box rules already cover over 400 techniques from the MITRE ATT&CK matrix, and the number of supported sources has reached close to 300. And this number is constantly growing,” comments Ilya Markelov, Head of Unified Platform Product Line at Kaspersky.

 

 

 

Related Posts:

Kaspersky warns travelers: AI-powered attacks are targeting hotel guests

“EFG Hermes Tops Extel 2025 with EMEA Conference”

Tashkeel Reopens Nad Al Sheba 1 Gallery with Of Liminal Threads by Ranim AlHalaky

Valu and MobileMasr Launch Egypt’s First Peer-to-Peer BNPL Service for Pre-OwnedSmartphones

Visa Offers Priority Ticket Pre-Sale for the TotalEnergies CAF AFCON, Morocco 2025 for Cardholders

Rasha Khalifa Al Mubarak Participates in Congress of Arabic and Creative Industries Alongside Hend Sabry, Mariam Naoum, and Nadine Labaki

Mastercard collaborates with HyperPay to transform the region’s business payments landscape

Talaat Mostafa Group collaborate

آخر الأخبار
١٢ مليون و ١٢٦ ألف جنيه حصيلة البيع  لجمارك سيارات وبضائع جمارك سفاجا والسويس نائب وزير المالية ورئيس المصلحة يعقدان اجتماعًا موسعًا مع شركة MTS شركة البناء العربي تُعلن عن خصومات حصرية 100 ألف جنيه لأعضاء النقابات المهنية بمعرض إسكان نقابة التج... مكتب التنسيق: إعلان نتائج تقليل الاغتراب لتنسيق طلاب المرحلة الثالثة للثانوية العامة رئيس الوزراء يناقش مع وزير الدولة السعودى حزمة استثمارات سعودية فى مصر مطالب بفتح باب تقنين أراضي "جمعية السلام" في الشروق… مليارات الجنيهات تنتظر الدولة وزير الدفاع والإنتاج الحربى يلتقى وزير الدفاع لجمهورية جامبيا Amer Group Obtains License from the General Authority for Tourism Development to Launch “Polotano,” ... عامر جروب تحصل على ترخيص "الهيئة العامة للتنمية السياحية" لإطلاق "بولوتانو" أحدث مراحل "بورتو السخنة... دعوة الدول الإفريقية إلى اغتنام الفرص لتعزيز اقتصاداتها من خلال خططها الوطنية المناخية الجديدة "NDCs... وزير الاستثمار يلتقي وزيرة التجارة الإسبانية لبحث تعزيز الشراكة الاقتصادية وتيسير حركة التجارة كاسبرسكي تحذر المسافرين من هجمات إلكترونية تستهدف نزلاء الفنادق «الإسماعيلية للاستثمار العقاري» تفوز بجائزة وطنية مرموقة لدورها الرائد في إحياء التراث المعماري في م... Kaspersky warns travelers: AI-powered attacks are targeting hotel guests بطولة مصر الوطنية للجوجيتسو تفتح آفاقاً جديدة لمستقبل الرياضة في المنطقة "ديفز هوت تشيكن" يفتتح أول فروعه في أبوظبي "إي إف چي هيرميس تتصدر تصنيف Extel 2025 في أوروبا الناشئة والشرق الأوسط وإفريقيا" "EFG Hermes Tops Extel 2025 with EMEA Conference" جارتنر: 50% من الإنفاق على أمن المعلومات سيكون لتقنيات الأمن السيبراني الاستباقية بحلول 2030 الشارقة السينمائي الدولي 12".. احتفاء بالإبداع والتجارب الإنسانية