Product overview

MaxPatrol SIEM provides 360º visibility into infrastructure and detects security incidents. Regularly updated with knowledge from Positive Technologies experts. Effortlessly adapts to network changes.

Good news for companies with large geographically distributed infrastructures! The new version of MaxPatrol SIEM allows users to increase the data processing rate to up to 60,000 EPS and carry out investigations more quickly for all installations.

Try it out  Learn more

Detection of malicious activity in traffic

Network Attack Discovery Sensor provides full network visibility. This component analyzes network traffic in depth, passively collects data about assets, and detects attacks. The component notifies in real time about attackers’ attempts to expand their presence in infrastructure, steal data, exploit vulnerabilities, use hacker tools, or contact C2 servers.

Up-to-the-minute knowledge

The Positive Technologies Expert Security Center and R&D team monitor and perform research into new threats. Their know-how is regularly made available in expertise packs from the PT Knowledge Base. Expertise packs contain new rules, updated parameters for collection and incident handling, response recommendations, and reputation lists. Packs are automatically provided to MaxPatrol SIEM in order to detect threats before serious consequences arise.

Correlation rules (included in expertise packs) can be easily customized to fit infrastructure. We provide detailed instructions and whitelists, which are prepopulated based on experience with real infrastructures.

Up-to-the-minute knowledge

Antivirus scanning

By combining Positive Technologies expertise with solutions from major antivirus vendors, the M-Scan component performs multilevel file scans and detects malware. It analyzes files in traffic, protects email accounts, and monitors file shares.

Key benefits

Stay on top of changes in infrastructure

MaxPatrol SIEM accurately identifies IT assets even in a shifting landscape. Asset groupings adapt to the latest network changes. With these abilities, it’s easy to configure correlation rules for keeping an eye on systems that have non-updated software or particular vulnerabilities.


In our report, learn what clients expect to accomplish with MaxPatrol SIEM pilot deployments, which event sources they connect most often, and the kinds of security incidents they detect.

Learn more

Add event sources for free

During deployment, we connect business systems to MaxPatrol SIEM free of charge—even business systems that are esoteric or custom-developed.

Related products and services