Nucleus is actually complementary to a SIEM tool in pretty much every way. SIEMs are designed to alert on security events from network events, whereas Nucleus is focused exclusively on finding, triaging, automating, and reporting on security vulnerabilities. SIEMs do not give you the ability to see all your vulnerability scan data, arbitrarily group that data, track each vulnerability and manage it in regards to the scans. Pulling actionable vulnerability metrics out of a SIEM requires users to manually go through all the SIEM data to normalize data, scoring, definitions, attributes, and statuses in order to understand what is going on.
Nucleus is often used to complement SIEMs, and data from Nucleus can actually be pushed to your SIEM from the built-in Nucleus syslog connector. This connector provides 2 main benefits:
1. Connect all your vulnerability scanning tools into the SIEM - while some SIEM platforms pull in vulnerability scans from some providers, they do not provide connectors to all the vulnerability scanners in use in your organization. The data that they do import is raw, and for the most part, unactionable. Nucleus sanitizes the data for you and your users to allow them to easily and efficiently do their jobs as vulnerability managers.
2. Save money on data storage - many SIEMs charge based on disk space. Nucleus can serve as the collection point for all your vulnerability scanning information, and you can provide rules to automatically only alert the most important vulnerability scanning information to your SIEM. This can decrease SIEM costs from vulnerability scanning data by up to 1000x. And the data that does go through to the SIEM is only the most important information, so alert fatigue is decreased as well.
Have more questions? Request a Demo for more information