Acronis Cyber Protect Cloud integration with LogRhythm SIEM
Features
An open, cloud-native SIEM platform reduces the time spent managing and maintaining infrastructure while integrating easily with other applications.
Automatically collect data from SaaS, self-hosted cloud, and on-premises agents. Metadata extraction, combined with easy-to-use tools for building custom parsers, ensures visibility across the environment from a centralized console.
Search-driven widgets and intuitive dashboards make it easier to find information and respond to threats. Support threat detection engineering with the ability to test your analytics rules.
Surface critical threats and secure your environment with powerful security analytics and simplified incident response. Leverage out-of-the-box content or author your own custom content.
Acronis supports the Common Event Format (CEF), enabling MSPs to work with the data sent by the integration out of the box. Alerts are pre-formatted on the Acronis side and do not require the MSP to create any additional rules on the SIEM side.
Enabling the integration is straightforward: provide the server and client certificates, establish a connection to the dedicated syslog server, and specify the server port.
The integration allows MSPs to select which customer tenants in Acronis should send alerts to the SIEM. Since all alerts are sent to the same SIEM instance, it is possible to run correlation, threat hunting, and investigation for all customers from the same console. It also lets MSPs search other customers' environments for threats that were discovered on a workload in one customer tenant.
It is also possible to select which alerts should be sent to the SIEM. With this functionality, MSPs reduce the number of alerts sent to the SIEM and therefore lower storage consumption, working only with the data that is necessary.
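As an added example (not code from this page, Acronis or LogRhythm), here is a small parser for CEF messages of the kind such an integration delivers over syslog, handling the escaping rules that commonly break hand-written parsers: `\|` in header fields, and `\=` and `\\` in extension values. The sample line, hostname, vendor, product, event id and extension fields are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample, not a real Acronis alert: vendor, product, event id and
# extension values are made up; only the CEF layout follows the CEF spec.
SAMPLE_SYSLOG_LINE = (
    r"<134>Jan 10 12:00:00 example-host "
    r"CEF:0|ExampleVendor|ExampleProduct|1.0|MALWARE_DETECTED|Malware detected\|quarantined|8|"
    r"src=10.0.0.5 shost=WS-01 fname=C:\\Temp\\a.exe msg=note\=key\=value act=quarantine"
)

HEADER_FIELD = re.compile(r"((?:\\.|[^|\\])*)\|")   # one pipe-terminated header field
KEY_RE = re.compile(r"(?:^|\s)([^\s=\\]+)=")         # 'key=' at start or after whitespace
EXT_ESCAPES = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}

@dataclass
class CefEvent:
    version: str
    vendor: str
    product: str
    device_version: str
    event_class_id: str
    name: str
    severity: str
    extension: dict

def _unescape_header(s):
    # Header fields escape only '|' and '\'
    return re.sub(r"\\([|\\])", r"\1", s)

def _unescape_ext(s):
    # Extension values escape '=', '\', and newlines as \n / \r
    return re.sub(r"\\([=\\nr])", lambda m: EXT_ESCAPES[m.group(1)], s)

def parse_extension(ext):
    # Values may contain spaces, so slice between successive 'key=' markers
    out, keys = {}, list(KEY_RE.finditer(ext))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end])
    return out

def parse_cef(line):
    """Parse one CEF message; any syslog header before 'CEF:' is skipped."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF prefix")
    pos, fields = start + len("CEF:"), []
    for _ in range(7):  # version .. severity, each terminated by '|'
        m = HEADER_FIELD.match(line, pos)
        if not m:
            raise ValueError("malformed CEF header")
        fields.append(_unescape_header(m.group(1)))
        pos = m.end()
    return CefEvent(*fields, extension=parse_extension(line[pos:]))
```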