Co-Managed SIEM

Various roles with different skills are required to operate an SIEM solution. Our hybrid, modular and flexible co-managed SIEM approach lets you decide which areas of expertise you want to develop in-house and which services to purchase from us. Together, we ensure you end up with a first-class SIEM operation.

Our co-managed SIEM approach adapts flexibly to your needs.

From taking on individual roles to operating the whole SIEM, we adapt with flexibility to your requirements. No matter how you want to operate your SIEM solution, speak to us. We offer you flexible support in the areas where you need our expertise, while everything else stays in-house with you.

Threat hunting

Threat hunting

• Log data analysis of internal or external incidents
• Log data analysis based on newly discovered IOCs and detected attacks on other SECUINFRA clients
• Clear recommendations for the incident response team if and when security incidents occur


Level 1 analysis

• Initial analysis of SIEM alerts
• Elimination of false positives and duplicate notifications
• Escalation of relevant incidents to Level 2 analysis


Level 2 analysis

• Detailed analysis and assessment of relevant incidents
• Consultation with the users and staff affected to clearly assess relevant incidents
• Clear recommendations for the incident response team if and when security incidents occur

Incident Response

Incident response support

• Performance of compromise assessments for identifying compromised IT systems
• Performance of forensic analysis to clarify the course of events and secure evidence
• Incident response support for the fastest possible recovery of IT operations


SIEM content development

• Development, maintenance and continuous optimization of end-to-end SIEM use cases
• Development, maintenance and continuous optimization of other SIEM content
• Development, maintenance and continuous optimization of connections to external systems


SIEM platform operation

• Ensuring smooth SIEM operations
• Permanent monitoring of the availability and utilization of all SIEM components
• Continuous updating of all SIEM components


Log sources monitoring

• Ensuring the quality and availability of connected log data
• Permanent monitoring of the availability and quality of connected log data
• Implementation of the necessary updates if and when changes are made to log sources



Our co-managed SIEM portfolio is made up of individual modules. Depending on your needs, you can have us perform specific roles or manage the complete operation of your SIEM for you.


We are flexible and can adjust our co-managed SIEM service fully to your needs and processes.


Together, we decide which co-managed SIEM services to provide on your premises and which can be provided remotely from our Cyber Defense Center in Germany.

Privacy policy

Your data always stays in your possession and never leaves your company. Your data is accessed exclusively from Germany. You have complete control and a full overview of your data at all times.


Our knowledge and expertise are the product of years of hands-on experience in the field operating our own Cyber Defense Center as well as setting up and running numerous SIEM, SOC, CERT and cyber defense centers for notable customers.

With the SECUINFRA co-managed SIEM approach, all SIEM components and data always stay with you. The detection mechanisms (SIEM use cases) are also your intellectual property and belong to you. This means you can easily make adjustments to your SIEM operations at any time.

The SECUINFRA Co-Managed SIEM approach allows you to minimize dependencies and hidden costs.

Depending on the task at hand, our cyber defense experts can work locally at your site or access your SIEM remotely via a secure connection.

Co-Managed SIEM – Level 1 and Level 2 analysis

A SECUINFRA co-managed SIEM can do more!
Our cyber defense experts always stay on top of the current threat situation and constantly analyze conspicuous events (SIEM alerts). They escalate security breaches to the Incident Response Team along with an assessment and clear recommendations for countermeasures.

Co-Managed SIEM – SIEM content development

SECUINFRA has continually invested in SIEM content development since 2010 and developed truly innovative concepts, methods and techniques.

SECUINFRA has developed SIEM concepts that are unmatched internationally – including our “status-based SIEM” approach, which has allowed SECUINFRA clients to keep track of active cyber attacks and compliance breaches, the Application Security Cockpit for monitoring critical applications as well as our constantly growing end-to-end SIEM use case library.

Day in, day out, our SIEM content developers apply their own experience together with the concepts, methods and techniques developed by SECUINFRA, allowing them to continue evolving.


The SIEM use case designer reviews your requirements for the SIEM and determines if and how they can be implemented to meet your needs. They also calculate the outlay required and coordinate the implementation in the areas of log policy development, connector development and use case development. Our SIEM use case designers have years of experience in SIEM and can also help you to precisely articulate your requirements.


If the SIEM is able to provide log data of suitable quality, our SIEM expert gives the SIEM added “intelligence”. This involves defining and implementing the algorithms that will detect any anomalies. To do this, they access our internal end-to-end use case database. If we do not receive any specific strict specifications for the development methodology or naming conventions, we use our own SIEM use case framework.


Our connector developer is responsible for connecting log sources to the SIEM. If log sources are not supported as standard, we will develop suitable connectors for you. The development of these connectors requires specialist knowledge and, above all, a lot of experience. As some of our SIEM experts are engaged in developing connectors nearly every day, they are in a position to deliver swift, efficient results.


In the area of log policy development, we support you in defining the right log policy for each log source type. These form the basis of every SIEM. Anomalies can only be detected by generating the necessary data with the right content. This is where the many years of experience we have gained from numerous projects over comes in useful.

Co-Managed SIEM – SIEM platform operation

The stable operation of all SIEM components is the basis for detecting security incidents.
Monitoring the capacity utilization of SIEM components
This sort of monitoring makes it possible to analyze capacity changes over time and then quickly deal with bottlenecks.
Maintenance of SIEM components
By maintaining all SIEM components, we ensure that you are always up to date.

Co-Managed SIEM – log source monitoring

You need high-quality data to detect security incidents.
Monitoring the quality of incoming events
When monitoring the quality of incoming events, we focus on making sure that incoming security-related events can be processed correctly by the SIEM.
Maintenance of data connections
By maintaining the SIEM connectors, we regularly implement improvements from SIEM product manufacturers for processing incoming events.

Customer examples

All of our co-managed SIEM services are available as individual modules, meaning they are very flexible and can be adapted for your requirements. We have gathered together a few examples of this in practice to demonstrate how we work with our other customers.

With our first co-managed SIEM customers in the area of financial services, we have built up a relationship of trust over several years as their SIEM content provider. In 2014, for reasons of compliance, our client was facing the decision of whether to set up an SOC themselves or to purchase managed SIEM externally. The idea was simple and brilliant: SECUINFRA provides these services. Our Cyber Defense Center was born.

One of our larger customers with more than a billion security events per day comes from the IT services sector. As part of his outsourcing projects, he is obliged to offer managed SIEM, but does not consider this as his core business. With SECUINFRA, he has found a reliable partner with expert know-how to support his customers professionally in the area of SIEM.

One of our customers from the insurance sector has made a conscious decision to purchase the SIEM platform operation from SECUINFRA from the very beginning. Furthermore, we support our customer in keeping an overview of his current threat situation. This frees up capacities and allows the customer to focus on detailed analysis and defense against cyber attacks. New SIEM content is developed jointly on a project basis.



Best SIEM Consulting/Service company in Europe
Publisher’s Choice Award in Security Information Event Management (SIEM)
Leading provider of SIEM consulting services in Germany
TOP 10 SIEM Consulting/Service company in Europe

References for our Co-Managed SIEM portfolio

    SECUINFRA does not publish a client list or references.
    Our clients’ right to privacy always trumps our marketing interests.
    Since 2010, we’ve been focusing on SIEM consulting and managed to gain more SIEM consulting experience than any other company in Europe on more than 150 client projects – totaling 28,000 days of consulting. Almost all clients were made aware of SECUINFRA through a referral and have went on to recommend us to others in turn.
    If you’re interested in our services, we’ll happily put you in touch with suitable reference clients.