CrowdStrike

Falcon Next-gen SIEM

Revolutionizing security operations with next-generation SIEM

CrowdStrike NG-SIEM is a next-generation platform that enables integrated security operations centered on EDR. It provides the functionality needed to enhance security operations, including real-time threat detection, flexible log collection, and AI-based incident analysis, all on a single platform.

1. Integrated detection and response centered on EDR

Based on CrowdStrike's EDR "Falcon Insight," it can incorporate logs from other products to enable a wider range of threat detection and response. Detection rules based on MITRE ATT&CK enable rapid response to unknown attacks.

Strength 1: Providing various functions as a first party

Not only EDR but also various other areas are covered as a platform
(Example) When incorporating EDR, cloud security, authentication security, and SWG

Incident investigation (detection screen)

In addition to integrated detection from EDR, Identity, Cloud, etc., risk indicators are visualized using heat maps linked to MITRE ATT&CK tactics and techniques.

2. SaaS-native platform

Cloud-based NG-SIEM can be deployed by simply installing an agent. There is no need to build an on-premise server*, significantly reducing the burden of building and operating it.
*When collecting log sources from an on-premise environment, it may be necessary to set up a relay server (Log Collector).

Configuration

  • Cloud native
  • Ability to collect logs from any data source

3. Attractive licensing system with SOAR included + 10GB free

SOAR functionality is included free of charge. In addition, if you use Insight XDR, you can use NG-SIEM with up to 10GB of third-party logs per day at no additional license cost.

Next-Gen SIEM Licensing

The necessary functions are included as standard, making it the best option for customers.

What is Next-Gen SIEM 10GB Free?

CrowdStrike Insight XDR customers have access to Next-Gen SIEM capabilities.
Although there are restrictions on the amount of logs that can be imported, it is possible to do the following:

What is CrowdStrike NG-SIEM?

[Restrictions]

  • Compatible modules: CrowdStrike Falcon Insight XDR
  • Import limit: 10GB/day
    *Logs from non-CrowdStrike products can be imported regardless of the product if the daily usage is less than 10GB.

Falcon LogScale

Like NG-SIEM, CrowdStrike LogScale is a log analysis platform that features high-speed searches and flexible visualization.

Long-term log storage made possible by Falcon LogScale

LogScale and Box integration solution

We have developed our own LogScale Collector solution for ingesting Box logs, which is available for use.

LogScale Box log ingestion solution

We have prepared a script dedicated to importing logs from Box.
Box logs can be imported without any development work on the customer's side.

Inquiries and PoV consultations

If you are considering implementing NG-SIEM, please feel free to contact us for PoV (real-world testing) and detailed configuration proposals.

Inquiry/Document request

In charge of Macnica CrowdStrike Co., Ltd.

Weekdays: 9:00-17:00