Picus Detection Analytics helps identify security events that were detected or prevented by security controls but whose logs never appear in SIEM platforms. Proactively identifying such shortcomings and keeping the log pipeline healthy ensures that:
no alerting gaps occur due to unidentified security events generated by real adversaries
regulatory log collection requirements are not violated.
If an attack leaves no event log in the SIEM, one of the following has happened:
Option 1: None of the security controls on the attack vector detected the TTPs of the attack, so no log was generated at all (see the "Enhance your logging to have better visibility" use case).
Option 2: The defenses detected the attack TTPs, but either logging is not enabled for that detection or the log delivery mechanism failed.
Option 3: Logging and delivery are working, but a configuration or network problem is delaying log delivery.
Option 4: The log reaches the SIEM but lacks the level of detail Picus Detection Analytics requires, so it is not recognized as "log exists".
This use case identifies the situations described in Options 2, 3 and 4.
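The following is an added illustration of how the four options can be separated in practice; it is not Picus code and does not use any Picus API. It assumes a constructed set of simulated attacks, each carrying the verdict reported by the security control, and a constructed set of SIEM events that carry an attack identifier for correlation. The required-field list, the acceptable ingestion delay and the field names are assumptions chosen for the example.

```python
# Added example (not Picus code): triage each simulated attack into the
# options above. Attack records, SIEM events, field names and thresholds
# are constructed for illustration.
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumptions: what a "detailed enough" log must carry, and how late a
# log may arrive before we call it a delivery delay.
REQUIRED_FIELDS = {"src_ip", "dst_ip", "signature", "action"}
MAX_DELAY = timedelta(minutes=15)


@dataclass
class Attack:
    attack_id: str
    executed_at: datetime
    control_verdict: str  # assumed values: "detected", "prevented", "missed"


@dataclass
class SiemEvent:
    attack_id: str        # correlation key assumed to be present in the log
    ingested_at: datetime
    fields: dict = field(default_factory=dict)


def classify(attack: Attack, events: list) -> tuple:
    """Map one attack to (option, reason) following the four options above."""
    # Option 1: the control never saw it, so there is nothing to log.
    if attack.control_verdict == "missed":
        return ("option1", "no control detected the TTP; no log generated")
    matching = [e for e in events if e.attack_id == attack.attack_id]
    # Option 2: detected or prevented, but nothing ever reached the SIEM.
    if not matching:
        return ("option2", "control detected the TTP but no log reached the SIEM")
    earliest = min(matching, key=lambda e: e.ingested_at)
    delay = earliest.ingested_at - attack.executed_at
    # Option 3: the log exists but arrived later than the accepted delay.
    if delay > MAX_DELAY:
        return ("option3", f"log delivered {delay} after execution")
    # Option 4: the log is timely but lacks the detail needed to match it.
    missing = REQUIRED_FIELDS - set(earliest.fields)
    if missing:
        return ("option4", "log lacks fields: " + ", ".join(sorted(missing)))
    return ("ok", "log present, timely and detailed")


def triage(attacks: list, events: list) -> dict:
    """Return {attack_id: (option, reason)} for every attack."""
    return {a.attack_id: classify(a, events) for a in attacks}


# Constructed sample data covering each outcome once.
T0 = datetime(2024, 1, 1, 12, 0, 0)
FULL = {"src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "signature": "sig-1", "action": "blocked"}
SAMPLE_ATTACKS = [
    Attack("A1", T0, "missed"),      # nothing detected at all
    Attack("A2", T0, "detected"),    # detected, log never arrives
    Attack("A3", T0, "detected"),    # detected, log arrives 40 minutes late
    Attack("A4", T0, "detected"),    # detected, log arrives without "action"
    Attack("A5", T0, "prevented"),   # prevented, log timely and complete
]
SAMPLE_EVENTS = [
    SiemEvent("A3", T0 + timedelta(minutes=40), dict(FULL)),
    SiemEvent("A4", T0 + timedelta(minutes=2), {k: v for k, v in FULL.items() if k != "action"}),
    SiemEvent("A5", T0 + timedelta(minutes=1), dict(FULL)),
]


def run_sample() -> dict:
    return triage(SAMPLE_ATTACKS, SAMPLE_EVENTS)


if __name__ == "__main__":
    for attack_id, (option, reason) in run_sample().items():
        print(f"{attack_id}: {option} - {reason}")
```

The check order matters: an attack whose log is both late and thin is reported as Option 3, because a delivery delay is the first thing to fix before judging log content. In a real deployment the correlation key would be whatever the control writes into the log (a session id, the simulated payload name, or a source and destination tuple), and the required-field set should be derived from the fields the SIEM rules actually reference.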
The easy-to-deploy, intelligence-driven and feature-rich Picus Security Control Validation Platform ensures that SOC teams maintain a well-scoped, threat-aware log base that keeps pace with changes in the adversarial landscape and the technology infrastructure.