Overview
Home Platform Ask DuploCloud Pricing

SIEM

Security Incident and Event Management (SIEM) in DuploCloud

DuploCloud uses Wazuh for SIEM. The primary functions of the SIEM are:

  • Data Repository

  • Event Processing Rules

  • Dashboard

  • Events and Alerting

OSSEC agents are deployed at various endpoints (VMs in the cloud) where they collect event data from multiple logs such as syslogs, virus scan results, NIDS alerts, File Integrity events, etc. Data is sent to the centralized Wazuh server deployed in the Compliance Tenant, where it undergoes a set of rules to produce events and alerts stored in an OpenSearch with a Kibana Dashboard. Data is also ingested from cloud provider sources like CloudTrail, AWS Trusted Advisor, Guard duty, Container registry scans, Azure Security Center, etc.

For customers who require SIEM, the setup is a seamless, fully orchestrated experience. The platform takes care of everything, automatically installing and updating OSSEC agents in the DuploCloud Hosts, ensuring a hassle-free experience for the customer.

Typically, one centralized SIEM is used for multiple accounts, i.e., one DuploCloud implementation implements the SIEM, and more DuploCloud environments can ingest data there.

PreviousAgent ManagementNextVulnerabilities

Last updated

Logo

Platform

OverviewDemo VideosPricing GuideDocumentaiton

Solutions

DevOps AutomationCompliancePlatform EngineeringEdge Deployments

Resources

Blog & NewsCustomer StoriesWebinarsPrivacy Policy

Company

CareersPressEventsContact

© DuploCloud, Inc. All rights reserved. DuploCloud trademarks used herein are registered trademarks of DuploCloud and affiliates