Main functional features of security maintenance platform products

SEMOR is an integrated defense monitoring platform. It includes SIEM, Remote Access Control, Network Access Control, Performance Monitoring, and Threat Intelligence.

• Event collection and analysis - automatically collect all records through Syslog, Event, and Flow, and identify potential threats and problems through correlation analysis
• Traffic monitoring and analysis - Analyze attack threats through traffic monitoring combined with Zeek and Suricate attack characteristics
• Real-time alerts - when attacks and threats are discovered, the system automatically alerts administrators through emails and messages
• Customized reports - In addition to the system's preset dashboards, managers can customize charts and dashboards based on queries or analysis
• AI-powered, real-time Security Information and Event Management (SIEM) - Leveraging Convolutional Neural Networks (CNN), Natural Language Processing (NLP), and advanced infrastructure components, this system provides a robust security solution that detects, analyzes, and responds to threats in real-time

• Traffic data analysis - collect and analyze all current internal network data and device information through traffic
• Attack threat analysis - Combining Zeek and Suricate intrusion attack signature systems to compare which attacks are ongoing on the internal network
• Diversified asset analysis - Combined with the MAC manufacturer database, automatically analyze the assets and brands on the network
• Protocol Analysis - Automatically analyze all communication protocols and connections through traffic collection
• Software Analysis - Actively analyze which software is currently executing in traffic packets and whether there are potential risks

• Threat Hunting - Quickly search for relevant information from different sources and identify potential threats through analysis
• Threat Analysis - In-depth study of malware, IOC (Indicator of Compromise) and other malicious behaviors
• Integrate SEMOR SIEM - integrate threat intelligence directly into log management and incident response processes
• Automated workflows - use connectors to automatically capture intelligence and customize triggering logic
• Built-in multiple intelligence connectors - More than 20 built-in intelligence connectors, which can connect to external intelligence resources (such as Crowdstrike, Fortinet, Paloalto, Cisco, Cybersixgill, Kaspersky, Recorded-Future, Sentinelone) and other world-renowned intelligence resources
• System formatting standards - following STIX2.1, data is directly compatible with other STIX formatting systems
• High performance - optimized data storage and retrieval mechanism to support big data analysis and processing

• Provide international 4A audit standards.
• Offer equipment/account/file access permission management.
• Provide operation/command/file operation and access records. 
• Enable real-time playback of video records and immediate connection interruption.

• Vnulnerability Analysis and Notice System - Combine asset management and vulnerability management to grasp the overall risk situation and assist agencies in implementing ISMS asset inventory and risk assessment tasks.
• Assets Risk Management System - Assess asset weaknesses and possible threats based on Confidentiality, Integrity and Availability, automatically calculate asset risks, and produce risk assessment reports that comply with regulations
• Compliance Reports - Provides international information security compliance reports. Includes PCI-DSS, GDPR, HIPPA, NITS-800, TSC and ISO-2001. The required compliance reports can be directly generated by Administrator

The system model rental includes four major items: log collection and correlation analysis, secure remote access, network security access, and internal and external network threat analysis and assessment. These four modules form the foundation of a zero-trust architecture.

Is composed of Wazuh and OpenSearch engine. It can collect logs, traffic, events, and more from all devices. All information can be analyzed using custom correlation analysis conditions, and relevant alarm trigger conditions can be set. When anomalies occur, the system will automatically issue alerts based on the configured policy.

The log collection system is composed of Wazuh and OpenSearch engine. It can collect logs, traffic, events, and more from all devices. All information can be analyzed using custom correlation analysis conditions, and relevant alarm trigger conditions can be set. When anomalies occur, the system will automatically issue alerts based on the configured policy.

The SEMOR platform, through its integration, provides multidimensional reporting for operations, monitoring, recording, analysis, and assessment. Users can customize their SEMOR situational platform based on their specific job requirements. With an intuitive drag-and-drop interface, users can easily adjust report column order, timelines, and other fields. This flexibility allows managers to quickly meet various needs for job management and analysis.

The SEMOR integrated monitoring and defense platform is capable of integrating multiple international brands. To achieve regional collaborative defense capabilities, it integrates with systems such as firewalls and network switches. When abnormal events occur, the platform promptly communicates with defense systems to issue defense instructions. This proactive defense helps prevent attack propagation and cross-infection, ultimately reducing the workload for administrators.