|
| 1 | +--- |
| 2 | +layout: default |
| 3 | +title: Introduction |
| 4 | +nav_order: 1 |
| 5 | +permalink: / |
| 6 | + |
| 7 | +--- |
| 8 | + |
| 9 | +# UTMStack: Elevate Your Cybersecurity with Open Source SIEM and XDR |
| 10 | +Welcome to the UTMStack documentation - your passport to the future of cybersecurity |
| 11 | + |
| 12 | +## [Experience UTMStack in Action!](https://utmstack.com/demo) |
| 13 | + |
| 14 | + |
| 15 | +[UTMStack®](https://utmstack.com) is a Unified Threat Management Platform that delivers all essential security services. It includes |
| 16 | +Log Management (SIEM), Threat Detection and Response, Real-time Correlation, Reporting, Compliance |
| 17 | +Reporting, Cloud Monitoring, SaaS Monitoring (Office 365, Google Coud), Vulnerability Management |
| 18 | +(provided as a standalone application), network/host IDS/IPS, Endpoint Protection Integration, Identity |
| 19 | +Activity Management (tracks user activity), Automated and On-demand Incident Response, Forensics |
| 20 | +Analysis (through Log Exploring), Artificial Intelligence Security Operations Center Analyst (provided through |
| 21 | +integration with OpenAI), File Classification and Tracking, and Threat Intelligence. UTMStack is designed for |
| 22 | +hybrid environments and can be easily deployed across on-premises and cloud providers. |
| 23 | + |
| 24 | +### Simpler and Cost-Effective |
| 25 | +UTMStack bundles several cybersecurity products under a single platform. This approach makesthe solution |
| 26 | +cost-effective and simpler. It reduces the learning curve for security professionals and the costs of buying |
| 27 | +different tools from multiple vendors. Having all the data in a single place increases the effectiveness of |
| 28 | +correlation engines and machine learning algorithms. The platform also includes a powerful dashboard and |
| 29 | +report builder that can be used to personalize your monitoring experience or for advanced compliance |
| 30 | +auditing and reporting. |
| 31 | + |
| 32 | +### Threat Intelligence |
| 33 | +- Spam, malware, botnets,service abuse IP related. |
| 34 | +- Denial ofservice and Brute force attack and scanner IPs. |
| 35 | + |
| 36 | +### Vulnerability Scanner |
| 37 | +- Application vulnerability assessments. |
| 38 | +- Network devices Vulnerability Assessment. |
| 39 | +- Azure and AWS Vulnerability scans. |
| 40 | + |
| 41 | +### Log Management (SIEM) |
| 42 | +- Log collection and correlation in real-time. |
| 43 | +- Log management. |
| 44 | +- Dashboard and Report Builder. |
| 45 | +- Log and event explorer for forensic analysis. |
| 46 | + |
| 47 | +### Compliance management |
| 48 | +- HIPAA, GLBA, SOC 2, GPDR, FISMA, CMMC, and PCI-DSS Compliance reports. |
| 49 | +- Compliance status dashboards. |
| 50 | +- Custom compliance reports builder. |
| 51 | + |
| 52 | +### Incident response and Endpoint Protection |
| 53 | +- Automated and On-demand Host lockdown, IP block, and remote-control console. |
| 54 | +- Antivirus, OSSEC and Wazuh Integration. |
| 55 | + |
| 56 | +### Network and Host Intrusion detection |
| 57 | +- Rule-based Network Intrusion Detection. |
| 58 | +- Rule-based and heuristic analysis-based Host Intrusion detection System with ATP capabilities. |
| 59 | +- Network traffic, protocol, and DNS analysis. |
| 60 | + |
| 61 | +### Access Rights Auditor |
| 62 | +- Active Directory Explorer. |
| 63 | +- User Activity and permissions tracking. |
| 64 | +- Suspicious activity monitoring. |
| 65 | + |
| 66 | +### File Classification |
| 67 | +- File Changes and access Tracking. |
| 68 | +- Activity monitoring. |
| 69 | +- File Integrity monitoring. |
| 70 | + |
| 71 | +### Compliance |
| 72 | +Compliance with the latest regulations often requires generating reports for internal use and auditors. |
| 73 | +UTMStack simplifies compliance management by combining essential security tools into a single database |
| 74 | +and providing several built-in reports and interactive dashboards. It is reinforced by an event and logs |
| 75 | +explorer for advanced analysis and a report/dashboard builder that helps visualize and display data. |
| 76 | + |
| 77 | +### Threat Detection Technology |
| 78 | +UTMStack threat detection engine comprises several rule-based correlation systems, scanners, and AIpowered machine learning algorithms. Modules operate independently, and sometimes theirfunctionalities |
| 79 | +overlap and interact to generate a holistic analysis of events. |
| 80 | + |
| 81 | +### Heuristic and Rule-based analysis engine |
| 82 | +- UTMStack leverages powerful correlation engines |
| 83 | +for a total of 154 000 detection rules. They |
| 84 | +aggregate, correlate, and analyze log data, |
| 85 | +network traffic, and system internal activity |
| 86 | +generated by on-premises and cloud devices or |
| 87 | +SaaS. |
| 88 | + |
| 89 | +### Machine Learning Anomaly-based engine |
| 90 | +- Analyzes the environment and defines custom |
| 91 | +rules and baselines. This learning mechanism |
| 92 | +allowsthe system to learn from the environment |
| 93 | +and gain the ability to identify abnormal and |
| 94 | +threatening behavior. |
| 95 | + |
| 96 | +### Threat Intelligence Database correlation |
| 97 | +- Analyses all available security IP feeds, mainly |
| 98 | +related to online attacks, online service abuse, |
| 99 | +malware, botnets, command and controlservers, |
| 100 | +and other cybercrime activities. |
| 101 | + |
| 102 | +### Advanced-Data Visualization and Reporting |
| 103 | +Not all environments are the same, and every organization has unique use cases that might customs |
| 104 | +dashboards and reports. While traditional SIEM solutions usually come with a fixed set of pre-created |
| 105 | +dashboards and reports intended to fit most clients' most common compliance needs, this is usually not |
| 106 | +enough. UTMStack dashboards and reports can be created, modified, and deleted without writing a single |
| 107 | +line of code. The entire solution has been built on a proprietary data visualization and analysis engine that |
| 108 | +provides the flexibility to build the entire stack from the ground by any advanced user. |
| 109 | + |
| 110 | +### Investigate Suspicious Activities |
| 111 | +- Aggregate and summarize sets of data. |
| 112 | +- Filter, track, and export log data. |
| 113 | +- Perform forensic analysis. |
| 114 | + |
| 115 | +### Audit and compliance support |
| 116 | +- Generate custom reportsfor audits or compliance checks and assessments. |
| 117 | +- Create compliance dashboardsfor continuous monitoring. |
| 118 | +- Leverage existing reportsforHIPAA, GLBA, GPDR, and SOC compliance. |
| 119 | + |
| 120 | +### Monitor and analyze security data |
| 121 | +- Build customized dashboards or use existing ones. |
| 122 | +- Explore systems data in nearreal-time and respond to incidents. |
| 123 | + |
| 124 | +### Reduce downtime |
| 125 | +- Create up-time reports. |
| 126 | +- Review proactive alertsformisconfigurations or misconfigured systems. |
| 127 | +- Monitor and analyze devices performance and resources utilization. |
| 128 | + |
| 129 | +### Integrations |
| 130 | +UTMStack monitors the following systems and platforms. Integrations can be configured inside the system |
| 131 | +panel and do not require custom coding or complicated configurations. |
| 132 | + |
| 133 | +- Azure and AWS |
| 134 | +- Hypervisors(KVM, HyperV, VMWare, etc.) |
| 135 | +- Physical Infrastructure datacenter |
| 136 | +- Software like SharePoint and SQL Server |
| 137 | +- Windows and Linux servers and endpoints |
| 138 | +- PaaS and SaaS applications like Office365 |
| 139 | +- Proprietary devices like CISCO and Sophos |
| 140 | +- Container orchestration (Kubernetes, Docker) |
| 141 | + |
| 142 | +For additional questions, please send an email to [support@utmstack.com](mailto:support@utmstack.com) or start a contact request from |
| 143 | +our website: [https://utmstack.com](https://utmstack.com) |
| 144 | + |
| 145 | + |
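Review bot: the added `index.md` ships with many run-together words and misspellings that will render verbatim on the docs landing page; the ones I can see are `makesthe` (line 25), `Google Coud` (line 17), `botnets,service` (33), `Denial ofservice` (34), `AIpowered` and `theirfunctionalities` (78), `allowsthe` (92), `controlservers` (99), `reportsfor`, `dashboardsfor`, `reportsforHIPAA` (116-118), `nearreal-time` (122), `alertsformisconfigurations` (126) and `Hypervisors(KVM` (134); please add the missing spaces before merging. The compliance regulation is spelled `GPDR` on lines 48 and 118 where `GDPR` is meant, and line 58 says "HIDS with ATP capabilities" where "APT" (advanced persistent threat) looks intended; worth confirming against the product copy. Line 103 is ungrammatical ("use cases that might customs dashboards and reports"); something like "use cases that call for custom dashboards and reports" reads correctly. Structurally, the page has two near-duplicate sections, `### Compliance management` (line 47) and `### Compliance` (line 71), and the bullet text under lines 82-100 is hard-wrapped mid-sentence (e.g. `rules and baselines. This learning mechanism` / `allowsthe system ...`), which suggests a paste from a PDF brochure; Markdown will reflow it, but joining the lines makes the source reviewable. Finally, `154 000` on line 83 uses a non-standard thousands separator, and the `## [Experience UTMStack in Action!](...)` heading on line 12 puts a link inside an `h2`, which the `just-the-docs`-style layout in the front matter will also list in the nav; a plain paragraph link would avoid that.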