Introduction
Welcome to Fluency SIEM
This user manual helps you get the most out of your data by using Fluency SIEM.
Purpose
The manual aims to cover the technical aspects of the Fluency SIEM tool, and to demonstrate how Fluency enables organizations to collect, correlate, search, and report on diverse types of audit data.
For information on the Fluency Programming Language (FPL), refer to the FPL Manual at the following link.
Collect
Fluency supports many ways to get data into the SIEM tool, listed on the Integration Matrix page.
- Each cloud instance is a dedicated, per-client Syslog endpoint (w/TLS)
- Support for many audit APIs from different products
- Support for Azure EventHub
- Compatible with Splunk's HEC (HTTP Event Collector), or similar HTTP webhook based collectors
- Also supports data transfer / streaming directly from AWS S3 buckets
Correlate
Fluency's proprietary EventWatch system correlates and generates alerts on collected data in real-time.
- Behavior event summary (w/ UEBA)
- Open-ended Risk Scoring system
- Alert suppression
- Instant notification / integration with ticketing systems
Search
Fluency's proprietary LavaDB database is purpose-built for streaming data analytics, and provides a cost-effective solution without compromising on performance.
- Scalable database, hosted on AWS architecture
- Dynamically and automatically resizes resources based on client size and data ingress rate
- Task-based, parallel searching across long time slices
- One year hot-searchable database by default
Report
Among other things, Fluency's new Programming Language (FPL) excels at reporting.
Content
This site is roughly divided into quick start, usage, architecture & design, and reference sections.
Quick Start
Usage
- Administration
- Featured Integrations
- Data Ingress
- Behavior Analytics
- Data Review/Workflow
- Search
- Alerts/Notification/Actions
Reference
Page last updated: 2023 Sep 08