
SIEM Integration


Last updated 9 months ago

While still in the ideation phase, the next milestone for PropScreen is SIEM integration. This would let a security team use their SIEM's feature set when reviewing the logs created by PropScreen. The primary impetus for this feature is to let security teams that use both PropScreen and a SIEM receive real-time alerts when policy violations are detected. The data ingested by the SIEM would be the logs created for the Interdiction Log Database.

Below is a mockup of how the integration would look to the end user. The SIEM user would be able to view alerts generated from PropScreen. Integrating with pre-existing SIEMs would reduce the friction security teams feel when adopting PropScreen, because it reduces context switching between their SIEM and PropScreen's Interdiction Logs. This would reduce user toil and allow users to focus on their primary job functions.

Notional High Level Architecture for SIEM Integration
The vision for SIEM integration. Note that the "Alerts" section shows activity from PropScreen.