A SIEM, by any other name
A sweet-smelling breakdown of ONE 2 ONE’s log aggregation and other SIEM-ish features
Benefits At a Glance
Centralize your security tools, skip the giant price tag
ONE 2 ONE is a Co-Managed Threat Detection and Response Platform. ONE 2 ONE detects, while our Security Operations Center (SOC) responds. You have full access to view your alert data, and can even have your team analyze alongside us.
We baked our customers’ most-requested SIEM features right into the ONE 2 ONE platform. Now you can access these features directly within ONE 2 ONE:

Enhance ONE 2 ONE’s analysis of your environment
Whether you prefer to call it SIEM, data lake, or log aggregation, adding it enhances your view of your security posture. ONE 2 ONE SOC is now detecting and investigating threats within log metadata. You and your clients can store logs for compliance without any other tools. If you’re considering a SIEM purchase with those goals in mind, ONE 2 ONE may be the right option for you.
ONE 2 ONE’s SIEM features
| Feature | Benefit |
| --- | --- |
| COLLECT | |
| Windows event logs | Insight into services activity and changes, including Active Directory |
| Syslog data | Insight into device activity, including firewall logs, change management tracking and error logs |
| Event parsing | Supports strong search and reporting |
| Collected alongside network data | View log data next to the critical network data you’re already collecting to further enrich the picture around potential incidents |
| Flexible retention | Keep your data for as long as you want – meet your regulatory retention requirements easily |
| Easy deployment | If your ONE 2 ONE sensor is already in your environment, just point your logs our way for collection and retention |
| DETECT | |
| Activity detection | Detection rules for dozens of vendors ensure the broadest out-of-the-box coverage possible |
| Event correlation | ONE 2 ONE SOC includes collected log data in their analysis to correlate events and further identify potentially malicious activities |
| Alerting | ONE 2 ONE alerts on bad network activity and escalates to you after our SOC has investigated the incident. SOC uses log data to enrich the context of the network activity to provide even more fidelity when investigating a potential incident |
| RESPOND | |
| Dashboards | Understand log (and network) activity at a glance with a fully customizable view |
| Reports | Gain insight into the data you’re seeing and ensure organizational and regulatory compliance by generating reports around interesting data patterns |
| Searching and hunting | Conduct forensic investigations – access network data and O365 log history in a single pane of glass via Perchybana |
Office 365®
STAND-ALONE LOG AGGREGATION (INCLUDED WITH ONE 2 ONE SIEM)
Benefits At a Glance
Include your Office 365 logs in ONE 2 ONE’s threat analysis
Empower ONE 2 ONE’s Security Operations Center (SOC) to defend your business from account takeovers and business email compromise (BEC) and satisfy compliance requirements. With O365 integration, ONE 2 ONE generates alerts through the ONE 2 ONE platform based on your Office 365 logs. From your ONE 2 ONE console, you can customize which alerts you receive and how you receive them. Then investigate any impact through Perchybana in real time; or let our SOC do it for you.


Investigate reported threat activity
With Office 365 integration, ONE 2 ONE provides everything you need to respond to and investigate alerts from Office 365 logs. With ONE 2 ONE, logs are searchable, parsed, cleaner, and reportable. And you can increase log retention without the extra price tag to satisfy compliance requirements.
Take advantage of ONE 2 ONE’s comprehensive list of pre-configured alerts to defend yourself from malicious activity, including:
ONE 2 ONE gives you the tools to decipher the magnitude of an incident and pinpoint what exactly is affected.
ONE 2 ONE’s Office 365 features
| Feature | Benefit |
| --- | --- |
| COLLECT & CUSTOMIZE | |
| Authentication logs | Insight into authentication attempts against your Office 365 tenant |
| File access and change logs | Insight into SharePoint and OneDrive activity, including access, changes, and deletion of files |
| Event parsing | Supports strong search and reporting |
| Collected alongside network data | View log data next to the critical network data you’re already collecting to further enrich the picture around potential incidents |
| Flexible retention | Keep your data for as long as you want – meet your regulatory retention requirements easily |
| Easy deployment | Single-click deployment of Office 365 logging in the ONE 2 ONE environment; no hardware or onsite installation required to collect the required logs |
| DETECT | |
| Activity detection | Pre-built detection rules for the highest risk activities |
| Event correlation | ONE 2 ONE SOC includes collected log data in their analysis to correlate events and further identify potentially malicious activities |
| Alerting | ONE 2 ONE alerts on malicious and high-risk activities and escalates to you after our SOC has investigated the incident. ONE 2 ONE SOC uses log data to enrich the context of the network activity to provide even more fidelity when investigating a potential incident |
| RESPOND | |
| Dashboards | Understand log (and network) activity at a glance with a fully customizable view |
| Reports | Gain insight into the data you’re seeing and ensure organizational and regulatory compliance by generating reports around interesting data patterns |
| Searching and hunting | Conduct forensic investigations – access network data and O365 log history in a single pane of glass via Perchybana |
See us in action!
Explore our success stories to see how companies like yours have benefited from our managed IT services and expertise.