24/7 MDR & ELK for USM Appliance

24/7 MDR & ELK for USM Appliance


Request a Quote

Please give us 24 hours to respond to your request.

Castra + AlienVault History

Castra has been partners with AT&T AlienVault since 2013 and we have deployed USM in over 2,200+ organizations all over the world. 2,200+ successful USM Implementations are a testament to our mastery and USM Appliance expertise. USM’s rise in adoption amongst Small to Medium Businesses and Small to Medium Enterprises, played a key role in Castra’s growth since our inception. Deploying 2,200 platforms is one thing, deploying 2,200 successfully with a large percentage of customers returning for more services is another. Castra was using USM Appliance when it was an open source tool called OSSIM (Open Source Security Information Management) and we still work closely with AT&T AlienVault’s development team to continue to support and enhance the product. We have deep knowledge of this platform.

You’re in the best hands possible. Since 2012, Castra has deployed SIEM in over 2,000 organizations globally. Our SOC is second to none and is filled with well trained, US-Based, diligent Analysts who are all Exabeam experts with several years of Security Operations experience. Our transparent, integrated, and affordable approach coupled with a near 100% renewal rate is why we recently won Exabeam’s MSSP Partner of the Year Award.

AlienVault USM Appliance

Our Favorite Things About AlienVault

  • Asset Discovery - active and passive network discovery
  • Vulnerability Assessment – active network scanning, continuous vulnerability monitoring
  • Intrusion Detection - network and host IDS, file integrity monitoring
  • Behavioral Monitoring - netflow analysis, service availability monitoring
  • SIEM - log management, event correlation, analysis, and reporting
ExabeamPartner of the year 2020

We bend platforms to work in your environment.

Contact us to get started
"ElasticSearch is fast! Based on our testing on lab and production systems, we’re seeing 50x-100x speed improvements."
illustrated wide computer screen

Castra’s ELK Logger for USM Appliance

Castra has developed a powerful log management tool meant to become, expand or replace your existing USM Appliance Logger. It is a fully-integrated, drop-in replacement that is built using the ultra-fast ElasticSearch engine (a standard ELK stack), but incorporates several custom components that allow it to connect transparently to your USM Appliance as if it were a "real" Logger. Treat it like any other long term Logger. It brings fully indexed, rapid search capability to your log data, plus all of the benefits of the Kibana UI for advanced reporting and visualizations.

From your USM Appliance UI, it appears like a standard Logger, and you can search Raw Logs normally. Reports configured to run against the Logger also work as-is. And outside of the full USM Appliance integration, you also get the full Kibana interface with its visualization and reporting capabilities that have helped make the ELK stack so popular.

How is

  • Speed

    Most importantly, ElasticSearch is fast! Based on our testing on lab and production systems, we’re seeing searches return in seconds and large reports running in a minute or two. This makes your analysts more productive while making the overall USM Appliance platform more valuable for your security monitoring. The ELK Logger is more than just Raw Logs searches, the Castra Elastic solution is *fully* integrated, bringing its power to USM and appears to the system just like a normal Logger.

  • Expandibility

    Since it uses the ElasticSearch engine, this also opens up other possibilities including machine learning and anomaly detection using your log data. There are many other behavioral anomaly products out there, that can also sit on top of a Elastic data pool and provide new security insights for your environment.

  • Scalability

    With Castra’s ElasticSearch you’re not limited by the amount of data you need to store. Need 4TB, 8TB, more? No problem, increase the storage size or add more nodes! Need redundancy? Also no problem, add more nodes! Elasticsearch was built to run as a cluster, so it can scale to dozens or even hundreds of TB of data.

Virtual Requirements

Total Cores
--TB / -TB
Storage Capacity (TB)Compressed / Uncompressed
2 x 1GbE
Virtual Interfaces
VMware ESXi 4.0+ Hyper-V v3.0+
Virtualization Support (Windows Server 2008 SP2 and later)
Illustrated man with headset

Tying it all together

Castra and other high profile SOC teams shoot for the rule of thirds , where 1/3 of the analyst time is spent on alert response, 1/3 analyst of the time is spent on hunting and 1/3 analyst of the time is spent on alert improvement. This is moving away from the stacked team goal of numerous Tier1 individuals managing tickets and triage, moving things to Tier2 individuals for analysis and review, finally landing on a Tier3 desk for improvement and tuning. While we will always grow teams from within , Alienvault reduces the need for “numerous Tier1 individuals” helping our SOC be focused and productive while improving analyst retention due to reducing “alarm fatigue.”

illustrated graph on hexagons

Data Sheet & Case Study

Download more information based on the services you need here.

Castra manages your Exabeam SaaS or On Premise based SIEM / SOAR

Here’s how we connect with you.

castra elite mdr diagram

Castra's Elite MDR Overview


Fully Managed

Elite is Castra’s most in-depth service. Our Security Operations Center (SOC) watches your network, investigates security alarms, tunes the system for better visibility, and works with you when we find anomalies. You don’t need to manage the security platform or watch the console day by day - we do that for you. Let us take care of everything while you focus on your business.

Request a Quote


    • Training and enhancing USM Anywhere’s correlation engine
    • Proactive tuning, customer notification and orchestrated response post incident detection
    • Advanced alarm and orchestration response
    • Expert assistance on new service deployment from Security Operations Team
    • Designated Primary Security Analyst and 24x7 SOC
    • Documented Incident Response Plan
    • Intensive analysis of customer needs and network environment
    • Anomali Threatstream integration - best in class Threat Intelligence Platform (TIPS)
    • Custom behavioral modeling and detection rules for improved alarming
    • Custom notifications for Alarm outputs
    • Compliance Based Dashboards
    • Custom Reporting
    • Scheduled teleconferences with Security Operations Team covering: Alarm review and tuning, reporting and customization
    • Capacity planning
    • Risk posture adjustments
    • 24×7 monitoring by Security Operations Team
    • Cloud-based platform continuously monitors:
      • Hardware and software stats
      • Event flow rates
      • Capacity and performance information
      • Proactive tuning and customer notification upon problem detection