Infigo SIEM (Security Information and Event Management) not only has all the great features that you expect from a modern SIEM but also has advanced capabilities like multitenancy and dynamic asset discovery right out of the box. How is that possible? Vast experience!
Infigo IS has been strictly in the information security business since 2005, working on both the offensive and defensive side, consulting, and building apps on Splunk since 2012. Infigo SIEM is the result of our combined experience, born out of frustration with products that underdelivered on their (security and compliance) promises.
This is the fourth iteration of our product, the same product that we've integrated in telecoms, financial institutions, air traffic controls, across myriad industries, often in mission-critical environments. We can't afford to build a bad product, not just because of our customers, but because we use Infigo SIEM as the heart of our managed security services.
We offer trial (on-prem) and demo (Splunk Cloud) licenses for everybody who wants to try before they buy. You can request a license and find out more about Infigo SIEM at the official website: www.infigosiem.com
For additional information about Infigo SIEM visit the official site:
www.infigosiem.com
Latest Release:
New Features & Enhancements
🔗 TheHive Integration
- Create TheHive Cases Directly from SIEM: Analysts can now create cases in TheHive directly from the SIEM Alert Review console, with automatic population of relevant alert data and observables
- Enhanced Case Management: Support for adding case observables (IOCs) including domains, IPs, hashes, URLs, and other indicators when creating cases
- Flexible SSL Configuration: Added SSL verification settings for secure connections to TheHive instances
- Multi-tenant Validation: Automatic validation ensures a case is created only for a single tenant, maintaining proper case segregation
🤖 AI-Powered Analysis
- ChatGPT Integration: New "Ask ChatGPT" workflow action allows analysts to get AI-powered insights for alert investigation
- Smart Data Anonymization: Automatic anonymization of internal IPs and domains before sending queries to external AI services
- Customizable Templates: Create and manage custom ChatGPT query templates for different investigation scenarios
- Integrated Documentation: AI responses are automatically logged as comments in the alert history
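The anonymization step above is listed as a feature but not described in detail. The following is an added illustration (not Infigo's code) of the general idea: before an alert summary leaves for an external AI service, RFC 1918 addresses and hostnames under an assumed internal suffix (here .corp.example) are replaced by consistent placeholder tokens, and a local mapping lets the analyst restore the real values in the response. The sample alert text and the internal suffix are constructed for this example.

```python
import ipaddress
import re

# Constructed sample alert summary; 203.0.113.7 is a documentation address standing in for an external source.
SAMPLE_ALERT = (
    "Multiple failed logons from 10.20.30.40 to fileserver01.corp.example "
    "followed by success; external source 203.0.113.7 also seen. "
    "Host dc01.corp.example contacted 10.20.30.40 again."
)

# Assumed internal domain suffixes (a deployment would configure its own).
INTERNAL_SUFFIXES = (".corp.example",)
# RFC 1918 ranges; anything else is treated as external and left untouched.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b[a-z0-9][a-z0-9-]*(?:\.[a-z0-9-]+)+\b", re.IGNORECASE)


class Anonymizer:
    """Pseudonymise internal IPs/hosts consistently so the AI's answer can be mapped back locally."""

    def __init__(self):
        self.forward = {}  # real value -> token
        self.reverse = {}  # token -> real value

    def _token(self, value, kind):
        if value not in self.forward:
            n = sum(1 for t in self.reverse if t.startswith(f"<{kind}_")) + 1
            self.forward[value] = f"<{kind}_{n}>"
            self.reverse[self.forward[value]] = value
        return self.forward[value]

    def _ip(self, m):
        try:
            ip = ipaddress.ip_address(m.group(0))
        except ValueError:  # e.g. 999.1.1.1 is not an address; leave as-is
            return m.group(0)
        return self._token(m.group(0), "IP") if any(ip in n for n in PRIVATE_NETS) else m.group(0)

    def _host(self, m):
        name = m.group(0)
        return self._token(name, "HOST") if name.lower().endswith(INTERNAL_SUFFIXES) else name

    def anonymize(self, text):
        return HOST_RE.sub(self._host, IP_RE.sub(self._ip, text))

    def deanonymize(self, text):
        for tok, real in self.reverse.items():
            text = text.replace(tok, real)
        return text
```

The mapping must stay on the SIEM side; only the anonymized text and the restored response should ever be stored in the alert history.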
🎯 Advanced Risk Management
- Risk Modifiers: Introduced risk scoring adjustments driven by configurable conditions and mathematical operations
- Manual Risk Entry: Analysts can now manually create risk entries directly from the workflow actions for enhanced threat scoring
- Multi-value Risk Objects: Improved handling of multi-value fields in risk calculations with automatic event splitting
- Enhanced Risk Dashboards: New Risk Modifiers dashboard for managing and configuring risk scoring rules
🔧 Rule Creation & Management
- Enhanced Rule Creation Dashboard: Improved user interface with better template selection and validation
- Risk Rule Integration: Seamless creation and management of both SIEM and Risk rules from a unified interface
- Advanced Error Handling: Clear error messages and validation feedback during rule creation process
- Capability-Based Access Control: New permissions system for rule creation and editing
📊 Dashboard Improvements
- Copy to Clipboard: Quick copy functionality for any field value in the Alert Review console
- Enhanced Vulnerability Dashboard: Improved tenant filtering and data visualization
- Better Modal Views: Redesigned alert classification and investigation report interfaces
- Improved Navigation: Streamlined user interface for better workflow efficiency
⚙️ Security Orchestration, Automation & Response (SOAR)
- Automated Playbooks: Introduced playbooks that automatically execute additional Splunk searches when alerts are triggered, dramatically improving triage efficiency
- Smart Triage Searches: Configure automated searches with token-based parameters that extract relevant context from triggered alerts
- Workflow Orchestration: Execute multiple triage searches in a defined sequence with conditional logic for optimal investigation flow
- Resource Management: Built-in queue system protects Splunk resources from exhaustion while maintaining investigation speed
- Reusable Components: Create modular triage searches that can be shared across multiple playbooks for consistent analysis
- Manual Execution: Run playbooks and triage searches on-demand from the Alert Review Console for ad-hoc investigations
- Playbook Management Dashboard: Comprehensive interface for creating, managing, and monitoring automated investigation workflows
- Configurable Execution Limits: Control the number of concurrent triage searches through SIEM Settings to balance performance and thoroughness
- Automatic Alert Updates: Automatically update raised alerts with triage information using the custom meupdatealerts command directly from a search
Security & Access Control
🔐 Enhanced Permissions
- Role-Based Capabilities: New granular permissions for rule editing, investigation report modification, and external integrations
- Non-Admin User Support: Improved access control allowing non-administrative users to perform necessary SIEM operations
- Secure Token Management: Enhanced handling of external service tokens and credentials
Bug Fixes & Stability
🐛 Resolved Issues
- Rule Manager Fixes: Resolved issues with enabling/disabling risk rules and proper status synchronization
- Allowlist Modal: Fixed backslash escaping issues in allowlist entries
- Settings Page: Resolved configuration page issues for non-administrative users
- Risk Modifier Operations: Fixed update and clone operations in the Risk Modifiers dashboard
- Data Model Enhancements: Improved handling of tenant filters and multi-value fields
🔧 Technical Improvements
- Splunk SDK Update: Updated to latest Splunk SDK version for improved compatibility and security
- SSL Certificate Handling: Better support for internal certificates and SSL configurations
- Performance Optimizations: Various improvements to dashboard loading times and search efficiency
Integration & External Tools
🌐 External Enrichment
- Enhanced Meerkat Integration: Improved integration with Meerkat platform for alert management
- API Improvements: Better error handling and response management for external service calls
Quality of Life Improvements
📋 User Experience
- Improved Error Messages: More descriptive error messages and user guidance throughout the interface
- Better Input Validation: Enhanced form validation with clear feedback
- Streamlined Workflows: Simplified multi-step processes for common analyst tasks
- Enhanced Documentation: Better in-app guidance and tooltips