Rule As a Code – SureLog Correlation Engine and Beyond
SureLog SIEM is a security platform that differs from many SIEM products. The main
difference is its correlation engine, in which you can develop your own logic with a high-level
domain-specific language. There is no restriction on the logic, because you can write it in
Java, including machine learning, statistical methods and artificial intelligence.
SureLog is also ready for the following ML libraries:
- https://www.tensorflow.org
- http://mahout.apache.org
- http://spark.apache.org/docs/latest/mllib-guide.html
- https://github.com/padreati/rapaio
SureLog has a correlation engine and a feature called Rule As a Code, which is Rule + Code.
SIEM is complex, and everyone knows it. It requires personnel and needs configuration.
This is why the current SIEM trends are co-managed or managed SIEM projects. It is obvious that
end users do not want to spend time developing SIEM rules. They want rules developed by
experienced consultants or companies. So, instead of working fully on the correlation
wizard (GUI) side, which is used by end users, we found that removing barriers on the detection
capabilities (correlation engine plus coding framework) of the SIEM is more valuable, and we
developed a coding framework to open up the borders of SIEM correlation restrictions.
How does SureLog differ from a SIEM tool?
First and foremost, it comes back to the additional services, expertise and experience that our
human team provides.
SureLog correlation is based on rules and a coding framework:
Rules are predefined to detect patterns. They are continuously enhanced and customized.
The coding framework comprises the correlation engine's ability to develop any logic as a
SIEM rule.
SureLog uses Java as a high-level domain-specific language, which removes barriers to
rule creation for the SIEM system. For example:
- Monitor whether one of your IT staff is about to leave the company (HR logs) and is reaching
machines he has not reached before, or reaching his machines after work hours, and
sending documents to public storage sites.
- You have an outlier algorithm in Python and want to apply it to last month's data.
- You have Scala code for anomaly detection and want to apply it.
- Java bindings for YARA (https://github.com/Yara-Rules/rules).
- You want to ping a critical server and, if the ping time is > 0.3 ms, dump the newly
logged-in users and the processes those users started afterwards.
- If the value of a cell is more than 50% of the standard deviation of column A on table B,
notify.
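The first scenario in the list above, written as an added Java rule in the "Rule as Code" style (this is example code, not SureLog's own API; the Event record, the Rule-style evaluate method, the leaver list, the baseline host map and the public-storage domains are all assumptions). It correlates the HR leave record with logons to unfamiliar hosts or after-hours logons, and alerts only when such a user then uploads to a public storage site.

```java
import java.time.LocalTime;
import java.util.*;

public class DepartingStaffRule {
    // Minimal normalized event; the field names are an assumption, not SureLog's schema.
    public record Event(String user, String type, String host, LocalTime time) {}

    enum Signal { NEW_HOST, AFTER_HOURS }

    // Constructed list of public storage domains treated as upload targets.
    static final Set<String> PUBLIC_STORAGE = Set.of("dropbox.com", "drive.google.com");
    static final LocalTime WORK_START = LocalTime.of(8, 0);
    static final LocalTime WORK_END = LocalTime.of(18, 0);

    private final Set<String> leavers;                    // users with an HR leave record
    private final Map<String, Set<String>> baselineHosts; // hosts each user normally logs on to
    private final Map<String, EnumSet<Signal>> seen = new HashMap<>();

    public DepartingStaffRule(Set<String> leavers, Map<String, Set<String>> baselineHosts) {
        this.leavers = leavers;
        this.baselineHosts = baselineHosts;
    }

    // Feed one event in arrival order; returns an alert only when the whole pattern is complete.
    public Optional<String> evaluate(Event e) {
        if (!leavers.contains(e.user())) return Optional.empty();   // HR gate: only leavers matter
        EnumSet<Signal> signals = seen.computeIfAbsent(e.user(), u -> EnumSet.noneOf(Signal.class));
        if (e.type().equals("logon")) {
            if (!baselineHosts.getOrDefault(e.user(), Set.of()).contains(e.host())) signals.add(Signal.NEW_HOST);
            if (e.time().isBefore(WORK_START) || e.time().isAfter(WORK_END)) signals.add(Signal.AFTER_HOURS);
        } else if (e.type().equals("upload") && PUBLIC_STORAGE.contains(e.host()) && !signals.isEmpty()) {
            return Optional.of("Leaver " + e.user() + " uploaded to " + e.host() + " after " + signals);
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample: alice has an HR leave record and normally uses ws-01 only.
        DepartingStaffRule rule = new DepartingStaffRule(Set.of("alice"), Map.of("alice", Set.of("ws-01")));
        List<Event> sample = List.of(
            new Event("alice", "logon", "ws-01", LocalTime.of(9, 0)),           // baseline host, in hours
            new Event("bob", "upload", "dropbox.com", LocalTime.of(10, 0)),     // not a leaver: ignored
            new Event("alice", "logon", "fileserver-07", LocalTime.of(22, 30)), // new host, after hours
            new Event("alice", "upload", "dropbox.com", LocalTime.of(22, 45))); // completes the pattern
        for (Event e : sample) rule.evaluate(e).ifPresent(System.out::println);
    }
}
```

Only the last event produces an alert; the baseline logon and the non-leaver's upload are ignored, which is the point of gating on the HR log first.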
With the correlation framework (rule engine plus a real-time, free-form Java rule interpreter) it is
easy to develop statistical anomaly detection rules as well as many other ML and AI algorithms.
Any Java code can be injected into the system without the need for a restart.
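A statistical anomaly rule of the kind this paragraph describes, and the "more than X of the standard deviation of column A" example from the list, as an added Java example (not SureLog's code; the class, the Welford running baseline, the minimum sample count and the 3-sigma threshold are assumptions, and the threshold is a parameter, so the 50% figure from the list would be 0.5). It generalizes the single-column case: each incoming cell value is compared with the running mean and standard deviation of the values seen before it.

```java
import java.util.Optional;

public class StdDevThresholdRule {
    private final double thresholdSigmas; // deviation, in standard deviations, that triggers a notification
    private final int minSamples;         // no alerts until the baseline holds this many values
    private long n = 0;
    private double mean = 0.0, m2 = 0.0;  // Welford's running mean and sum of squared deviations

    public StdDevThresholdRule(double thresholdSigmas, int minSamples) {
        this.thresholdSigmas = thresholdSigmas;
        this.minSamples = minSamples;
    }

    public double mean() { return mean; }
    public double stdDev() { return n < 2 ? 0.0 : Math.sqrt(m2 / (n - 1)); }

    // Compare one new cell value against the baseline built from earlier values.
    // Normal values are folded into the baseline; anomalous ones are not, so a
    // single outlier cannot widen the baseline and hide the next one.
    public Optional<String> evaluate(double x) {
        double sd = stdDev();
        if (n >= minSamples && sd > 0 && Math.abs(x - mean) > thresholdSigmas * sd) {
            return Optional.of(String.format("Notify: %.0f is %.1f sigma from mean %.1f",
                                             x, Math.abs(x - mean) / sd, mean));
        }
        n++;
        double delta = x - mean;
        mean += delta / n;
        m2 += delta * (x - mean);
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample column: KB uploaded per hour by one account; the last value is the outlier.
        double[] columnA = {120, 135, 110, 150, 128, 140, 132, 118, 4200};
        StdDevThresholdRule rule = new StdDevThresholdRule(3.0, 5);
        for (double v : columnA) rule.evaluate(v).ifPresent(System.out::println);
    }
}
```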
Some SIEM solutions may not detect some attacks, but custom code and advanced analysts do.
The team needs to build value on top with custom code. Whether it is old-school analytics
(what most people would call trend charts) or newer analytics (involving supervised machine learning
and temporal behavioral analysis), a great deal of security expertise and historical analysis goes
into the most reliable detections organizations have built on the data they happen to store in their
SIEM. The resource-blessed security team is not operating with default SIEM detection, but
rather using its data as the source for its own complex software, which looks for patterns, strings
together search queries to improve its chances, and uses the available search capabilities for
investigation. This doesn't mean your team is using the SIEM as a database. The best SIEM
solutions out there simply allow you to build this custom code on top of their data by providing
software development kits. This works extremely well for co-managed and managed SIEM
projects.
An open coding framework is different from black-box technologies like UEBA and NBA.
A crucial component of the accuracy and effectiveness of SureLog's correlation coding framework is
the fact that the code and its production results are fully transparent and traceable, something not
possible in 'black-box' solutions such as machine-learning approaches. Current UBA tools
come with a fixed configuration of analytics that is hidden from the user.
Vendors can't sell black boxes. Users need to understand what a machine learning model is doing
and how they themselves can manage, control and tune the results as needed.
Some vendors have come up with an innovative approach to this black-box dilemma for their
clients: machine learning engines automatically generate rules using attributes provided by their
ML models.