Falcon Next-Gen SIEM
Revolutionizing security operations with next-generation SIEM
CrowdStrike Falcon Next-Gen SIEM (NG-SIEM) is a next-generation platform that enables integrated security operations centered on EDR. It provides the functionality needed to advance security operations on a single platform: real-time threat detection, flexible log collection, and AI-assisted incident analysis.
1. Integrated detection and response centered on EDR
Built on CrowdStrike's EDR product, Falcon Insight, the platform can also ingest logs from other products, enabling a wider range of threat detection and response. Threats are visualized using detection rules mapped to MITRE ATT&CK, enabling efficient and effective operations on a single platform.
Strength 1: Providing various functions as a first party
Not only EDR but many other areas are covered by the platform itself.
(Example) Incorporating EDR, cloud security, identity security, and SWG
Incident investigation (detection screen)
In addition to first-party detections such as EDR, Identity, and Cloud, you can also manage third-party alerts in an integrated manner on a single screen.
The platform also automatically generates heat maps based on MITRE ATT&CK tactics and techniques to visualize risks and indicators within your environment.
2. SaaS-native platform
As a cloud-based service, NG-SIEM integrates easily with a wide range of third-party products, both cloud and on-premises.
*When collecting log sources from an on-premises environment, a relay server (Log Collector) may need to be set up.
Configuration
- cloud native
- Ability to collect logs from any data source
3. Attractive licensing system with SOAR included + 10GB free
SOAR functionality is included at no charge. In addition, Falcon Insight XDR customers can use NG-SIEM with up to 10GB of third-party logs per day at no additional license cost.
NG-SIEM licensing system
The necessary functions are included as standard, making it the best option for customers.
What is NG-SIEM 10GB Free?
CrowdStrike Falcon Insight XDR customers can access the NG-SIEM features.
Although there is a limit on the volume of logs that can be ingested, the following is possible:
[Restrictions]
- Compatible modules: CrowdStrike Falcon Insight XDR
- Import limit: 10GB/day
*Logs from non-CrowdStrike products can be ingested regardless of the product, as long as daily usage stays below 10GB.
Falcon LogScale
Like NG-SIEM, CrowdStrike Falcon LogScale is a log analysis platform featuring high-speed search and flexible visualization.
Long-term log storage made possible by Falcon LogScale
LogScale and Box integration solution
We have developed our own LogScale Collector solution for ingesting Box logs, and it is available for use.
LogScale Box log ingestion solution
We have prepared a script specifically for ingesting Box logs into LogScale.
Box logs can be imported without any custom development for the ingestion.
Inquiries and PoV consultations
If you are considering implementing NG-SIEM, please feel free to contact us about a PoV (proof of value in your real environment) and detailed configuration proposals.
Inquiry/Document request
CrowdStrike contact, Macnica Co., Ltd.
- TEL:045-476-2010
- E-mail:crowdstrike_info@macnica.co.jp
Weekdays: 9:00-17:00