CapStash SIEM solution

CapMon’s CapStash is a SIEM enterprise solution for log management of the entire IT infrastructure. It increases the security across the organisation.

Get a real-time view of the IT infrastructure and a registration of any potential threats.

You can monitor all the way down to the application layer, identify possible cyber attacks or other events, and verify whether an event is a real, malicious threat, whether it has consequences for the business and, if so, which consequences.

Efficient incident management

The solution is a scalable, simple, and extremely powerful tool for correlating and aggregating logs. Log agents are installed on the machines from which you want to transfer log files to CapStash. You get fast collection and display of data on your dashboard, to be used for the subsequent analysis, documentation and reporting.

You can choose historical data storage and filter your logs to reduce “false positives”. All of these functionalities contribute to quick, efficient and proper incident management.

Total overview of your data monitored

CapStash can be integrated in the CapMon monitoring system in order to view selected data on the CapMon dashboard. Thus, you will get a complete overview of your most important monitoring data.


Machine Learning

CapStash uses “Machine Learning”, i.e. you can detect log patterns with a single click. “Anomaly scores” are then created based on any unusual activities. When the system detects serious incidents, you will automatically be alerted.

You will no longer have to constantly keep an eye on the dashboard, as you will be advised on any anomalies and thereby save both time and resources.

CapStash can be used in many areas:

IT operations: Spot any unusual changes in the systems

Security: Identify unusual network activity or user behaviour and stop the attacks before they do serious harm: DDoS attacks, data leaks etc.

Business Intelligence: Be alerted in case of an unusual increase or decrease in the number of “shopping carts” on your webshop.

CapStash is faster than other SIEM logging systems, which is an important time saving factor.

CapStash is cost saving compared to other SIEM solutions, and it supports all log formats.

Logging is performed centrally from one single location.

It only takes a few minutes to correlate and store large amounts of data (Big data).

CapMon is Elastic OEM partner

CapMon’s “CapStash” is based on Elastic modules. Elastic is used by thousands of organisations, among others Cisco, eBay, Goldman Sachs, NASA, Microsoft, Wikipedia and Verizon, who use Elastic products to support mission critical systems.

CapStash log monitoring is a scalable solution that is offered as a complete SIEM solution or divided into phases: CapLog, CapSec, CapFlow.

CapStash services

CapStash offers a variety of services enabling you to perform efficient proactive monitoring and SIEM management.

Log analysis & log management

Log analysis

Real-time search, collection, analysis and storage of events from relevant data sources. Detection and digital analysis of security incidents.

Collection of logs from your security controls and network units.

Forensics analysis (critical assets)

Forensics - log data

Comprehensive digital survey incl. comprehensive and in-depth analysis of the systems.

Detection of fraud, waste and abuse. Finds causes and takes preventive measures, thereby ensuring focus on critical assets and costs for the business.

Fine tuning

Log management finetuning

Reduction and filtering of false positive alarms, which often take up time and manpower.

Your security staff will have more time to deal with the serious threats.

Reporting & documentation

Reporting and documentation

Weekly reporting and technical documentation. Event management is performed for each event.

You will receive documentation for revision and compliance purposes. You will get an assessment of the security level and escalation to “response teams” via a ticket system.

Maintenance and log sources

Maintenance of log sources

Addition of new and removal of inactive assets in the SIEM environment.

Reduces network traffic and ensures focus on active and critical assets.

Proactive monitoring

Find unusual logging activities in the network. Identify and correct small problems before they have the chance to develop into major problems. CapStash can perform central log monitoring

CapStash security services

Security awareness

Security awareness program

Establish and implement the security awareness program in the company to increase understanding of IT security in the organization.

Reduces the occurrence of data protection malware, spyware and virus attacks

Penetration testing & risk assessment

Penetration test and

Scan and evaluate the security risks in your IT infrastructure. Identify threats and vulnerabilities, and whether they are critical, less critical or just “false positives”.

By doing this you meet regulatory requirements and avoid fines.