We’re all too familiar with the pain associated with setting up a new tool such as a SIEM, and how integration efforts can last many days, weeks and sometimes months. At SOC.OS we’ve worked hard to optimise the SOC.OS on-boarding process to ensure it is as simple as possible.
On-boarding and setup take place fully remotely, and a SOC.OS engineer will be virtually present to guide you through the process, answer questions, and get you live and using the product as soon as possible.
For on-premise tooling, security alerts are forwarded over syslog from the alerting systems to the SOC.OS agent, which is a lightweight executable that can run on almost any operating system (technical details about the software agent can be found in our product sheet).
The installation of the agent takes a matter of minutes, and once configured, it works autonomously to forward alerts to the SOC.OS cloud platform. Cloud-based security tools are even simpler – provide SOC.OS with the API keys to read security alerts from that system, and it will automatically poll for new alerts. Once you’ve provided a few key details about your network – internal domains, IP address ranges, etc. – SOC.OS will get to work correlating alerts into prioritised incidents. You can then log into the SOC.OS portal to start viewing these incidents – no more swivel chairing across your multiple security portals.