With over 8 years of experience as a Splunk Elite Partner and consultancy, Spico Solutions has been at the forefront of the modern SIEM market evolution. Our real-world experience has taught us that most of the market leading SIEM’s simply aren’t practical for day to day security operations teams. While they universally offer great features, they lack pragmatism and ease of use. Too often we see customers struggling with these challenges:
- SOC teams spending hours focused on clearing noise instead of focusing on real problems
- Bouncing from view to view trying to isolate events that caused problems
- Struggling to build a timeline of events to determine if an issue is real or a false positive
- Correlation that is less about correlating different triggering events and more about identifying something that might be considered “notable”
We concluded that there had to be a better way. We wanted to empower customers with a solution that reduces waste and provides immediate/tangible value. Hence the ‘Patronus App’ for Splunk was born.
Built by Spico engineers specifically for the Splunk platform, the Patronus SIEM App provides security teams the ability to easily monitor, detect, and react to security concerns based on a scoring system that highlights notables and filters out the noise. Spend less time searching and more time logically drilling down to determine how events correlate to form a story.
We start with a basic scoring system which applies a certain level of risk to ALL detections. Those detections become compelling and generate an incident after a prescribed threshold is exceeded … simple as that.