SIEM Integration
SIEM integration is currently in the ideation phase and is the next milestone for PropScreen. It would let a security team use their SIEM's feature set when reviewing the logs created by PropScreen. The primary impetus for this feature is to allow security teams using PropScreen and a SIEM to receive real-time alerts when policy violations are detected. The data ingested by the SIEM would be the logs created for the Interdiction Log Database.
Below is a mockup of how the integration would look to the end user. The user of the SIEM would be able to view alerts generated from PropScreen. Offering integration into pre-existing SIEMs would reduce the friction security teams feel when adopting PropScreen by reducing context switching between their SIEM and PropScreen's Interdiction Logs. This would reduce user toil and allow users to focus on their primary job functions.