
SGBox is a NextGen SIEM platform that gains network visibility by collecting and aggregating information from any IT infrastructure component, offering real-time analysis and correlation capabilities to mitigate security risk and respond to threats. SGBox also provides a vulnerability scanning service to reduce the risk of a data breach, supporting IT staff in making decisions and providing visibility into the network security posture.
SGBox’s architecture is designed to serve mid-sized to large enterprises without management issues. The scalable architecture allows the use of remote security collectors to serve complex infrastructures and customers with geographically distributed branch offices.


Collects any log format from any type of data source. Normalization and classification of the collected events allow in-depth research, while reports and dashboards produce the necessary documentation. Collected logs are signed and encrypted to ensure that the stored data cannot be altered.


Works on the events generated by the modules and allows you to define correlation rules that detect anomalous behavior through a simple and intuitive interface. It allows you to respond to alerts with automatic and contextualized actions.


SGBox SIEM System Monitor continuously monitors device health, availability and performance. In the event of network errors, it alerts the network administrator before problems get seriously out of hand. This helps protect your company’s data and reduces the likelihood of costly network failures. System Monitoring doesn’t need agents: it simply collects information from devices, and dozens of dashboards and reports are ready to use.


Whether your network is as small as one LAN or a complex environment, SGBox can automate the vulnerability process; all testing and report generation can be managed from one location. For network security and compliance challenges, individual reports can be automatically delivered to each business unit. Multiple scanners can be used to overcome


SGBox also supports behaviour analytics features with the User Behavior Analytics (or UBA) application. UBA is a software component that facilitates the identification of hidden threats coming from the internal network, helping SIEM platforms to act autonomously, without using manual correlation rules. SGBox’s UBA is designed to collect data related to all user activity, using statistical models to identify the standard behaviour in a given period of time, and highlighting abnormal, unusual actions.


AWA is an SGBox feature that leverages the free Windows Sysmon tool to increase the visibility of your Windows environment. AWA helps detect malicious activity and promotes a better understanding of the in-depth aspects of Windows machines by tracking many events and detailed information such as DNS queries, inbound/outbound connections, registry changes, file tampering, process creation, process memory usage, and many more.


Because it can collect Threat Intelligence Feeds from any feed provider, the SGBox correlation engine can correlate device events with the IOC/IOA contained in the downloaded TIF (Threat Intelligence Feed), allowing organizations to proactively monitor for cyber-attacks and mitigate the risks to their operations and reputation.