Overview

MaxPatrol SIEM All-in-One provides full visibility into small to mid-sized IT infrastructures and detects security incidents. Get a full-featured SIEM system that works, even on a smaller budget.

Designed for small infrastructures

Available for 250, 500, and 1,000 network hosts. Gradually scale up with a simple license upgrade.

All the key benefits of MaxPatrol SIEM

MaxPatrol SIEM All-in-One includes most of the main components of MaxPatrol SIEM. That's why users of All-in-One keep all the same key features.

Easy on-ramp to SIEM

To get started, obtain a license (based on your number of network hosts) and a server. Fill out our form and get a personalized estimate.

For companies with small but important infrastructures

If your IT infrastructure stores sensitive data and a hack could harm your company's reputation, bottom line, or operations, it's time to build a security system that works. MaxPatrol SIEM All-in-One helps to spot hacking activity inside your network before it's too late and facilitates investigation.

Comparison: All-in-One vs. MaxPatrol SIEM

| | MaxPatrol SIEM All-in-One | MaxPatrol SIEM |
|---|---|---|
| Architecture | Simplified: no components for deep traffic analysis, malware scanning of files and emails, or analytics to assess overall security across distributed infrastructures | Customized to client needs, infrastructure size, and events per second (EPS) threshold |
| Form factors | Hardware appliance only (software running on Dell hardware) | Hardware appliance or software (deployable on client's physical server or virtual machine) |
| Scalability | License available for up to 1,000 hosts. One data collection agent per license. | Unlimited scalability. Multiple installations can be arranged hierarchically. |

Architecture

The core components of MaxPatrol SIEM All-in-One are deployed on a single hardware server provided together with the software. Two components, PT Retro Correlator (for retrospective analysis) and PT Update and Configuration Service (for online updates), require additional virtual or hardware servers.

1. MaxPatrol Core

Management server

2. MaxPatrol SIEM Server

Processes security events. Performs event aggregation, filtering, normalization, and correlation. Automatically creates incidents. Relates events to information assets.

3. MaxPatrol SIEM Events Storage

Stores security events in a central location. Includes Elasticsearch 7.4.2.

4. MaxPatrol SIEM Agent

Performs black-box and white-box scanning of assets. Collects events.

5. PT Knowledge Base

Provides expertise packs, macros, and normalization rules, as well as information about security bulletins and software on assets.

6. PT Update and Configuration Service

Keeps MaxPatrol SIEM components up to date: checks for, downloads, and installs new component versions. Updates expertise packs, macros, normalization rules, and vulnerability databases.

7. PT Retro Correlator

Rechecks previously received events using the correlation rules.

Component diagram

In our report, learn what clients expect to accomplish with MaxPatrol SIEM pilot deployments, which event sources they connect most often, and the kinds of security incidents they detect.

If you want to monitor activity on a large network, try MaxPatrol SIEM with its flexible architecture, unlimited scalability, and support for hierarchically organized installations.
