Extended AI Capabilities and Resource Visualisation: New Features in Kaspersky SIEM
Kaspersky has introduced a major update to its Security Information and Event Management (SIEM) solution.
To bolster the productivity and effectiveness of cybersecurity teams, Kaspersky has unveiled a significant update to its Security Information and Event Management (SIEM) solution. The enhanced platform provides a new AI module for faster and more effective alert triage, helps to visualise resource dependencies, and enables extended search capabilities.
According to Verified Market Research, the SIEM market was valued at $5.21 billion in 2024 and is expected to reach $10.09 billion by 2031. Among the key factors contributing to such growth are rising cyber threats, regulatory compliance requirements, and demand for rapid threat detection. Businesses are searching for solutions that enable them to collect and analyse data in real time, significantly enhancing their situational awareness. To meet this demand, Kaspersky added new features to its SIEM, allowing cybersecurity professionals to detect threats more efficiently.
Kaspersky SIEM is a security operations centre (SOC) platform based on an AI-powered technology stack and reinforced by world-leading Threat Intelligence. The platform collects log data and enriches it with contextual information and actionable threat intelligence to provide all the data needed for incident investigation and response while enabling automated responses to alerts and threat hunting.
New AI Module
Kaspersky SIEM features a new AI module that improves the triage of alerts and incidents by analysing historical data, while AI-based risk scoring of assets provides valuable hypotheses for proactive searches. The module analyses how the characteristics of a particular activity relate to different kinds of assets – workstations, virtual machines, mobile phones, and more. If an alert detected by the system is atypical for the asset on which it is identified, the system marks it with an additional status, so analysts can quickly see the incidents that require immediate attention.
Data Collection by the Kaspersky Endpoint Security Agent
Previously, collecting data from workstations running Windows and Linux required installing a SIEM agent on each station or configuring data transmission to an intermediate host. Now, if the Kaspersky Endpoint Security agent is installed, it can directly send data to the SIEM system. This eliminates the additional step of installing separate SIEM agents for customers already using Kaspersky products for endpoint security.
Resource Dependencies Graph and Extended Search Capabilities
The platform's search capabilities have also been improved: users can now visualise the dependencies between resources (filters, rules, lists) and organise them in a hierarchical folder structure, which makes it easier to locate the right search query in large teams or among many stored searches. Analysts can also create “rolling window” reports and keep a history of search queries, enabling quick access to past inquiries.
Content Versioning
Kaspersky SIEM stores the history of resource changes as versions, which are automatically created when a new resource is added or modified. This simplifies collaboration among analysts by allowing team members to track and, if needed, undo changes made by others.
Unique Field Mapping
The updated platform enables analysts to add specified field values from correlation rules to a correlation event, saving time by eliminating the need to search through field values in underlying events. Analysts can also add specific field values to an exception list if an alert is identified as a false positive, reducing noise from correlation rules.
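The two behaviours described above, an "atypical for this asset type" status derived from historical alerts and an exception list that suppresses confirmed false positives, can be sketched as follows. This is an added illustration written for this page, not Kaspersky's code; the rule names, asset types, field names and the private IP address are constructed sample values.

```python
from collections import Counter, defaultdict

# Constructed history of past alerts: (asset_type, correlation_rule). Not real data.
HISTORY = [
    ("workstation", "suspicious_powershell"), ("workstation", "suspicious_powershell"),
    ("workstation", "usb_mass_storage"), ("workstation", "usb_mass_storage"),
    ("vm", "ssh_bruteforce"), ("vm", "ssh_bruteforce"), ("vm", "ssh_bruteforce"),
    ("mobile", "unknown_app_install"), ("mobile", "unknown_app_install"),
    ("mobile", "usb_mass_storage"),  # seen only once: stays below the baseline threshold
]

# Constructed exception list: (rule, field, value) triples an analyst marked as false positives.
EXCEPTIONS = {("ssh_bruteforce", "src_ip", "10.0.0.5")}


def build_baseline(history, min_count=2):
    """Rules seen at least min_count times for an asset type form that type's normal profile."""
    baseline = defaultdict(set)
    for (asset_type, rule), n in Counter(history).items():
        if n >= min_count:
            baseline[asset_type].add(rule)
    return baseline


def triage(alert, baseline, exceptions=EXCEPTIONS):
    """Return 'suppressed', 'atypical' or 'typical' for one correlation event.

    The exception list is checked first so a known false positive never reaches
    the analyst; everything else is compared with the asset type's baseline.
    """
    rule = alert["rule"]
    for field, value in alert.get("fields", {}).items():
        if (rule, field, value) in exceptions:
            return "suppressed"
    if rule not in baseline.get(alert["asset_type"], set()):
        return "atypical"
    return "typical"


if __name__ == "__main__":
    profile = build_baseline(HISTORY)
    sample_alerts = [
        {"asset_type": "mobile", "rule": "usb_mass_storage", "fields": {}},
        {"asset_type": "vm", "rule": "ssh_bruteforce", "fields": {"src_ip": "10.0.0.5"}},
        {"asset_type": "workstation", "rule": "suspicious_powershell", "fields": {}},
    ]
    for alert in sample_alerts:
        print(alert["asset_type"], alert["rule"], "->", triage(alert, profile))
```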
“As SIEM is one of the main tools for SOC teams and IT security departments, we do everything we can to make our platform easier to use. These new features mean businesses can react to events faster and with less effort. Our out-of-the-box rules now cover over 400 techniques from the MITRE ATT&CK matrix, and the number of supported sources has reached close to 300,” commented Ilya Markelov, Head of Unified Platform Product Line at Kaspersky.
To learn more about Kaspersky SIEM, please visit the website.