AccelOps Security Information and Event Management (SIEM)

AccelOps’ virtual appliance features an automated discovery-driven approach that shortens the path to comprehensive monitoring and prevents future security blind spots. In real time, we add user and application context to events and provide unparalleled threat monitoring, prioritization and mitigation.

Our virtualized solution extends your monitoring reach across on-premise, off-premise, private and public cloud environments.


Elastic Events per Second (EPS) Technology

To handle event storms, simply add virtual machines to the AccelOps cluster.

Rich Context

We automatically enrich events with context, such as user, network, server and application. One-click access to diverse information vastly reduces incident resolution time.

Log Management

We use a single software-based log management solution to collect logs from diverse environments.

Threat Management and Compliance

We support cross-domain patterns, nested patterns and time-based operators to codify and detect sophisticated threats. When combined with performance and configuration metrics from AccelOps Performance and Availability Monitoring, you can detect Advanced Persistent Threats and mitigate risks from a single platform.

We have a knowledgebase of more than 1,700 reports, including automated compliance reports covering HIPAA, PCI DSS, SOX and other compliance standards.

Continuous Learning

You can continually enrich the product with new knowledge and patterns through a simple GUI suited for operators and business users. As threats become more sophisticated so does your ability to handle them.

AccelOps Security Information and Event Management (SIEM) Products and Details

With an integrated and cross-correlated view into your network, devices, apps and user logs, AccelOps simplifies the collection of information that impacts your business.

With a powerful analytics engine, automated CMDB and event consolidation, smart anomaly detection, identity and location binding, and flexible data management, we redefine the next generation of SIEM.

Log Matters

Event log management / security information and event management (SIEM) is considered an IT best practice, and for regulated industries, an audit compliance requisite.

The challenge is how to consistently aggregate, decipher and normalize non-standard log formats; manage massive volumes of event log data for real-time and historic analysis; correlate and consolidate complex event log data to yield actionable intelligence; and maximize event log value to support IT service reliability.

Some equate log management to log aggregation, display, and storage – a simple approach that fails to address these complex challenges. Most SIEM products offer basic event consolidation, simple correlation rules, limited real-time analysis, poor reporting and investigation flexibility, and no identity or infrastructure context. Many still require special collectors, add-on modules, additional systems and significant expertise.

AccelOps’ founders and core team developed one of the industry’s most successful security event management solutions. We have changed the playing field with our all-in-one, scalable data center and IT service management solution. AccelOps leverages network performance, applications, change management, identity, location, virtualization, and other intelligence to take SIEM to the next level.

AccelOps Next-Gen SIEM Monitoring and Security – Robust Log Management and Beyond

AccelOps delivers a robust, scalable log management solution offering:


  • Mainstream device support
  • Event source monitoring
  • Event log and network flow data consolidation
  • Comprehensive, extensible analytics
  • Network, virtualization and application intelligence
  • Identity and location intelligence
  • Configuration and configuration change monitoring
  • In-depth database security, availability and anomalous activity monitoring
  • Powerful, layer 7 rules engine
  • Real-time and historical cross-correlation
  • Prioritized, valid security incidents with correlated and raw details
  • Dynamic dashboards, topology maps and notification
  • Real-time and long-term search with web-like query and iterative filtering
  • Directory service integrated and custom asset and user grouping
  • Compliance and standards-based reports
  • Optimized event repository
  • Event log data integrity secured by HMAC
  • Unlimited online data retention
  • As-needed performance and coverage capacity

Collect, Parse, Correlate from Anywhere

Supporting multi-vendor device sources and advanced parsing technology, AccelOps can collect, parse, correlate and store logs from virtually all IT infrastructure sources. The solution automatically interprets the device type and how to process the event logs as they are received.

  • Network activity logs from firewalls, routers, switches, VPN gateways, wireless LAN, web/mail security gateways, and network IPS
  • Network resource utilization and anomaly detection from network flow data
  • Server operating system activity logs from Windows, Unix, Linux and virtual machines
  • Network infrastructure application logs from domain controllers, authentication servers, DNS and DHCP servers, and vulnerability management servers
  • User application logs from web, application, and database servers

The parser intelligently categorizes the source of the log into device groups such as firewalls, routers/switches, wireless LAN controllers, printers, etc. It also groups servers into categories such as Windows, Unix, VMware, and storage devices.


SIEM Products for Automatic Discovery

AccelOps automatically discovers your network infrastructure and its resources using intelligent scanning methods. It supports a smart scan method, which iteratively learns only about the live devices in your network. Since only live devices are traversed, it is much faster than other traditional methods of network discovery.

It also supports a range scan method, where each machine in the range is first pinged and then an attempt is made to do full discovery using the given credentials. Once the capabilities of the devices are determined, the web application performance metrics can be fetched from those devices.

Multi-Faceted Data Collection

AccelOps supports virtually all agent-less and agent-based data collection methods to collect logs from a variety of devices and applications including:

  • SNMP
  • Syslog
  • Windows Management Instrumentation (WMI)
  • Microsoft RPC
  • Cisco SDEE
  • Checkpoint LEA
  • JDBC
  • VMware VI-SDK
  • JMX
  • Telnet
  • SSH
  • IMAP
  • IMAP over SSL
  • POP3


Powerful Analytics for Real-time Correlation and Alerting

AccelOps can detect network services and profile network traffic from network flows and firewall logs. An advanced analytics engine detects patterns in data over a rolling time window, including very complex patterns that combine network, system, application and user activity. The built-in analytics engine can be easily extended using XML-based definitions.

AccelOps contains a knowledge base of more than 300 built-in rule classes, covering scenarios such as:

  • Host scans, port scans, fixed-port host scans, denied scans and other traffic anomalies
  • Network device and server logon anomalies
  • Network access anomalies from VPN, domain controller and wireless logons
  • Web server and database access anomalies
  • Rogue workstations, PDAs, WLAN APs etc. from DHCP logs
  • Account lockouts, password scans and unusual failed logon patterns
  • Botnets, mail viruses, worms, DDoS and other zero-day malware from DNS, DHCP, web proxy logs and flow traffic

The analytics engine patterns are comprehensive and allow for complete Boolean operators and nested sub-pattern rules:

  • Sub-patterns connected in the time dimension by operators such as AND, OR, FOLLOWED_BY, AND_NOT, NOT_FOLLOWED_BY
  • Each sub-pattern can apply condition operators such as =, !=, BETWEEN, IN, NOT IN, IS, IS NOT, etc.
  • Each sub-pattern can filter and apply aggregation operators such as AVG, MAX, MIN, COUNT, and COUNT DISTINCT
  • The thresholds can be static or statistically derived from automatically profiled data
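As an added illustration (not AccelOps code and not the product's rule language), the following Python sketch shows how a rule of the kind described above can be evaluated: sub-pattern A aggregates with COUNT over a rolling window, grouped by source and user, and is connected to sub-pattern B by the time operators FOLLOWED_BY or NOT_FOLLOWED_BY. The event format, field names, window, threshold and the sample events are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ev(ts, typ, src, user):
    return {"ts": ts, "type": typ, "src": src, "user": user}

# Constructed, already-normalized sample events (not from the page): alice: 5 failures then a
# success; bob: 2 failures then a success; carol: 6 failures, no success; dave: 6 failures 6 min apart.
EVENTS = (
    [ev(f"2024-01-01T10:00:{s:02d}", "logon_failure", "10.0.0.7", "alice") for s in (5, 15, 25, 35, 45)]
    + [ev("2024-01-01T10:02:30", "logon_success", "10.0.0.7", "alice")]
    + [ev(f"2024-01-01T10:05:{s:02d}", "logon_failure", "10.0.0.9", "bob") for s in (0, 10)]
    + [ev("2024-01-01T10:06:00", "logon_success", "10.0.0.9", "bob")]
    + [ev(f"2024-01-01T10:10:{s:02d}", "logon_failure", "10.0.0.12", "carol") for s in range(0, 60, 10)]
    + [ev(f"2024-01-01T10:{m:02d}:00", "logon_failure", "10.0.0.20", "dave") for m in range(20, 56, 6)]
)

def ts(e):
    return datetime.fromisoformat(e["ts"])

def sub_pattern_a(events, window, threshold):
    """Sub-pattern A: COUNT(logon_failure) >= threshold grouped by (src, user) over a
    rolling window. Returns {group: time at which the threshold was first reached}."""
    recent = defaultdict(list)
    reached = {}
    for e in events:
        if e["type"] != "logon_failure":
            continue
        key, t = (e["src"], e["user"]), ts(e)
        # Keep only the failures that fall inside the rolling window ending at this event.
        recent[key] = [x for x in recent[key] if t - x <= window] + [t]
        if len(recent[key]) >= threshold and key not in reached:
            reached[key] = t
    return reached

def evaluate_rule(events, window=timedelta(minutes=5), threshold=5, operator="FOLLOWED_BY"):
    """Connect A to sub-pattern B (logon_success, same group) with a time operator: FOLLOWED_BY
    fires if B occurs within `window` after A; NOT_FOLLOWED_BY fires if it does not."""
    events = sorted(events, key=ts)
    incidents = []
    for key, t_a in sub_pattern_a(events, window, threshold).items():
        successes = [ts(e) for e in events
                     if e["type"] == "logon_success" and (e["src"], e["user"]) == key
                     and t_a < ts(e) <= t_a + window]
        if operator == "FOLLOWED_BY" and successes:
            incidents.append((key, "failed logons followed by success", successes[0].isoformat()))
        elif operator == "NOT_FOLLOWED_BY" and not successes:
            incidents.append((key, "password scan with no success", t_a.isoformat()))
    return incidents
```

Note that dave's failures never trigger A: with a 5-minute rolling window, six failures spaced 6 minutes apart never count more than one at a time, which is the point of evaluating the aggregation over the window rather than over all history.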

Customizable Dashboards

The built-in summary dashboards provide a consolidated overview of performance, availability, and security status for all devices and applications that belong to a specific functional group or business service.

Using a fast update mechanism and leveraging the Adobe Flex interface, AccelOps screens are refreshed quickly and automatically to provide quick insight into the current health of network devices, servers, applications, and services. Health is presented in three simple grades: normal, warning, and critical. You can conveniently drill down and obtain the details for each metric along with trends, to proactively manage issues and respond to problems or threats before they become critical. You can further tune the health parameters according to the criticality of the device.

AccelOps also features fully customizable dashboards across availability, performance, change and security dimensions including information on various metrics along with the system itself.

The solution includes customizable widgets that can be dragged and dropped into any dashboard. Each widget can be further customized to provide aggregate, trending, or tabular views. You can adjust the layout by easily selecting from several options and choose from charting displays such as time series trending, pie, column, or spark line charts.

The fast auto-refresh mechanism allows the near real-time update of the dashboard data to provide a current view into infrastructure issues and threats as they occur. You can quickly obtain additional context within dashboard object health status by instantly running a query or drilling down into specific incidents.

SIEM – Security Information and Event Management for Instant Drill-Down

One-click recursive drill-down on any column makes refining search criteria easy and speeds up root-cause analysis while making it less error-prone. The quick-info view provides detailed information about an IP address, MAC address or user; in addition to inventory data, it shows the server's health summary without leaving the current context.

You can select multiple rows of interesting information with checkboxes and view them within the same trend view, helping you pinpoint anomalies in network behavior in a matter of seconds.

Try AccelOps Free for 30 Days

Ready to try AccelOps for yourself? Download our virtual appliance now for a free 30-day trial.
