SIEM Azion

Azion SIEM allows you to expand visibility into accesses to your edge applications. By correlating data available on Real-Time Metrics and Real-Time Events, you can amplify your analysis of security, access volume, health, and degradation.

Each dashboard has a set of graphs and tables that allow you to monitor your applications according to different observability needs. By selecting different time ranges and using the available filters, you can broaden your view of your applications and act on it, for example by refining Edge Application settings, optimizing your Edge Firewall and WAF rule sets, and identifying bot access, among others.

SIEM also lets you create and monitor alerts. Alerts can be viewed on the web interface and can also be sent by email, generating notifications at the beginning and end of the event.

An alert is configured from three parts: a time range, a query using one or more items available in Real-Time Events, and an expected threshold on a value such as the minimum, maximum, average, or sum of the collected values.

Some examples of alerts that can be created:

  • Considering the last 5 minutes, generate an alert when the volume of requests per minute exceeds 1,000 requests to any of the applications.
  • Considering the last 10 minutes, generate an alert when the sum of requests with the POST method exceeds 100 per IP address in the application.
  • Considering the last 10 minutes, generate an alert when the number of requests with origin errors per minute exceeds 50.
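The second alert above (POST requests per IP address over the last 10 minutes), worked through as an added example that is not Azion code or its API: it shows the time range, query and threshold acting together, and the notifications at the beginning and end of the event. The field names `ts`, `ip` and `method`, the once-per-minute evaluation and the sample events are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # time range of the alert
THRESHOLD = 100                 # POST requests per IP address

def post_counts(events, now, window=WINDOW):
    """Query: POST requests per client IP with now - window < ts <= now."""
    start = now - window
    return Counter(e["ip"] for e in events
                   if e["method"] == "POST" and start < e["ts"] <= now)

def evaluate(events, now, active, threshold=THRESHOLD):
    """Return the IPs currently over threshold and start/end notifications."""
    counts = post_counts(events, now)
    breaching = {ip for ip, n in counts.items() if n > threshold}
    notes = [("start", ip, counts[ip]) for ip in sorted(breaching - active)]
    notes += [("end", ip, counts[ip]) for ip in sorted(active - breaching)]
    return breaching, notes

def sample_events(t0):
    """Constructed events (hypothetical fields ts, ip, method)."""
    def ev(sec, ip, method):
        return {"ts": t0 + timedelta(seconds=sec), "ip": ip, "method": method}
    noisy = [ev(i, "198.51.100.7", "POST") for i in range(120)]     # 120 POSTs in 2 min
    quiet = [ev(20 * i, "203.0.113.9", "POST") for i in range(30)]  # 30 POSTs in 10 min
    reads = [ev(3 * i, "203.0.113.9", "GET") for i in range(200)]   # GETs are not counted
    return noisy + quiet + reads

def run(t0=datetime(2024, 1, 1, 12, 0, 0), minutes=15):
    """Evaluate once per minute (assumed schedule) and collect notifications."""
    events, active, timeline = sample_events(t0), set(), []
    for m in range(1, minutes + 1):
        active, notes = evaluate(events, t0 + timedelta(minutes=m), active)
        timeline += [(m, kind, ip, n) for kind, ip, n in notes]
    return timeline

if __name__ == "__main__":
    for row in run():
        print(row)
```

The address with 230 total requests but only 30 POSTs never alerts, because the query filters on method before the threshold is applied.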