MaxPatrol SIEM provides 360º visibility into infrastructure and detects security incidents. Regularly updated with knowledge from Positive Technologies experts. Effortlessly adapts to network changes.
MaxPatrol SIEM "gets smarter" all the time with PT KB, which helps users to detect attacker TTPs before serious consequences arise.
Good news for companies with large geographically distributed infrastructures! The new version of MaxPatrol SIEM allows users to increase the data processing rate to up to 60,000 EPS and carry out investigations more quickly for all installations.Try it out Learn more
Detection of malicious activity in traffic
Network Attack Discovery Sensor provides full network visibility. This component analyzes network traffic in depth, passively collects data about assets, and detects attacks. The component notifies in real time about attackers’ attempts to expand their presence in infrastructure, steal data, exploit vulnerabilities, use hacker tools, or contact C2 servers.
The Positive Technologies Expert Security Center and R&D team monitor and perform research into new threats. Their know-how is regularly made available in expertise packs from the PT Knowledge Base. Expertise packs contain new rules, updated parameters for collection and incident handling, response recommendations, and reputation lists. Packs are automatically provided to MaxPatrol SIEM in order to detect threats before serious consequences arise.
Correlation rules (included in expertise packs) can be easily customized to fit infrastructure. We provide detailed instructions and whitelists, which are prepopulated based on experience with real infrastructures.
By combining Positive Technologies expertise with solutions from major antivirus vendors, the M-Scan component performs multilevel file scans and detects malware. It analyzes files in traffic, protects email accounts, and monitors file shares.
Stay on top of changes in infrastructure
MaxPatrol SIEM accurately identifies IT assets even in a shifting landscape. Asset groupings adapt to the latest network changes. With these abilities, it’s easy to configure correlation rules for keeping an eye on systems that have non-updated software or particular vulnerabilities.
In our report, learn what clients expect to accomplish with MaxPatrol SIEM pilot deployments, which event sources they connect most often, and the kinds of security incidents they detect.Learn more
Add event sources for free
During deployment, we connect business systems to MaxPatrol SIEM free of charge—even business systems that are esoteric or custom-developed.