SIEM forwarding plans

This option is only available for partner administrators with access to Cyber Protection.

SIEM (Security Information and Event Management) platforms are cybersecurity solutions that provide centralized log management, offer real-time threat detection, facilitate incident investigations, and help organizations meet compliance requirements. They work by consolidating and analyzing security data, such as logs from firewalls, intrusion detection systems, servers, and applications. The analysis is done in real time and generates prioritized alerts for any suspicious activities and potential threats. Security teams then use the consolidated data and alerts to investigate flagged cybersecurity incidents, understand their scope, and take timely action to contain and mitigate threats.

SIEM platforms provide a comprehensive view of an organization's security posture, enabling early detection of advanced threats and anomalies. They help organizations meet regulatory and industry-specific security compliance standards by providing centralized data and reporting. They also offer a centralized console for managing security events, providing better visibility into the security operations center (SOC).

Acronis SIEM capabilities

Some customer tenants use third-party SIEM platforms, so Acronis alerts, events, tasks, and audit log information can be forwarded to these platforms for processing.

Regulatory compliance for forwarding data to SIEM platforms demands that every customer has their own SIEM 'data lake'. This means that you must define a forwarding plan for each customer.

An Acronis SIEM forwarding plan defines either the data store location or the details of the customer's dedicated syslog server.