SIEMonster Products.

SIEMonster is truly SIEM for everyone, whether you’re a charity, Starter, Enterprise or Managed Security Service Provider we have the range of products that will let you know exactly what’s happening in your network.

What is SIEMonster?

SIEMonster is the brainchild of a team of professional hackers with over 20 years’ experience hacking into companies around the world. Using this experience, SIEMonster has built modern security SIEM tools for companies wanting to detect threats and risks to their organization.


It all began when a global manufacturer detailed their frustrations at the exorbitant licensing costs of commercial SIEM products and asked whether we could build a SIEM to minimize these annual license fees. We thought that was a great idea and set out to build a SIEM that we would also use. SIEMonster now provides SIEM products for Managed Security Providers (MSSP’s) and Security Professionals around the world.

SIEMonster Options

SIEMonster Starter Edition

The SIEMonster Starter Edition is a single appliance or Virtual machine, for companies from 1-100 Nodes.

Product info 

SIEMonster Enterprise Edition

The SIEMonster Enterprise Edition. Monitor network assets in an affordable scalable solution.

Product info 

SIEMonster MSSP Edition

Want to run your own SOC? run our Multi-Tenant Edition for Managed Security Service Providers.

Product info 

SIEMonster SIEM as a service

Just want to see all of your events and alerts in a secure Internet accessible portal.

Product info 

SIEMonster RedBack Edition

The latest Edition to the Monster team is the Micro SIEM Redback appliance.

Product info 

Product comparison

  • Edition:  

  • Server Requirements:  

  • Endpoints:  

  • EPS:  

  • Cloud:  

  • Bare-Metal:  

  • Virtual Machine:  

  • Upgradeable:  

  • Support:  

  • Threat Intelligence:  

  • Human Based Behaviour:  

  • Machine Learning:  

  • HoneyNet:  

  • Threat Kill:  

  • Starter Edition
  • 1 Server
  • 1-200
  • 13,000
  • Enterprise Edition
  • 7+ Servers
  • 1-100,000
  • 500k+ (Cloud)
  • MSSP Edition
  • 7+ Servers
  • Infinite
  • Infinite
  • SIEM as a Service
  • NA
  • Infinite
  • Infinite
  • Redback
  • 1 Appliance
  • 1-50
  • 5000

Human Based Behavior

Every user has a behavioral fingerprint – that is, a unique, nuanced way they use their own computer. Behavioral fingerprints can be monitored to detect when something changes and risk increases, when the user just isn’t behaving like they usually do. SIEMonster working with ResponSight’s behavioral analytics monitors usage and detects non-users sooner, where others still fail. Operating where others continue to fail, ResponSight provides contextual intelligence so SIEMonster can reduce benign positives and set actionable priorities.

Threat Intelligence

As a part of the SIEMonster toolset, Palo Alto MineMeld is a Threat intelligence processing framework that can be used to collect, aggregate and filter indicators from a variety of sources and intelligence feeds. Providing vectors for translation tables in the form of known malicious domains used for Phishing, C&C hosts, TOR endpoints and known compromised hosts. This threat intelligence is then used to identify/detect such hosts contained within incoming security log data.The Palo Alto Minemeld client application has been pre-installed to setup appropriate feeds. You can select both commercial feeds, open source free feeds and law enforcement sources.

Deep Learning

AI and subsets Machine & Deep Learning along with Neural Networks – terms often used by Security marketing vendors. The effectiveness of these tools can be limited by integration strategy, widening the gap between what can be considered benign and that which requires immediate action.

SIEMonster strives to close this gap through innovation to not only reduce false positives but apply counteraction and extend automation, reducing the load on the typical SOC analyst.

The ultimate SIEM tool, SIEMonster is not only affordable and customizable, but becomes the pulse of your organization’s security posture. With the ability to absorb third party endpoint protection data, SIEMonster can perform correlation instantly against other events and data. One of our customers said to us, “We get an alert, so what, can you kill the threat as well, as we just don’t have the staff?” This is what spurred us on to achieve autonomous counteractive strategies to shutdown critical threats. Applying real time analysis of SIEMonster event alert streams, Threat Intelligence, Deep Learning combined with Human Based Behavior traits and Honeypot data is a good start. By adding active Threat Hunting to the mix along with common IOC recognition and utilizing the Mitre Att&ck™ Framework, accuracy of threat recognition becomes sufficient to kill attacks. Without human intervention users can be disabled, IP addresses blocked and assets shut down, effectively removing the threat and reducing the workload of security administrators within the SOC.