Expel Launches Managed SIEM to Take Detection Engineering Off Security Teams’ Plates
Summary: Expel unveiled its Managed SIEM service at RSAC 2026. The co-managed service embeds Expel's detection engineers in customers' Microsoft Sentinel and Splunk Enterprise Security environments to close the gap between what a SIEM promises and what security teams actually spend their time on. It is offered in two tiers, Detection Engineering and Performance Engineering. Customers keep full control of their SIEM, own every rule Expel writes, and have SIEM alerts fed into Expel's MDR workflow.

2026-03-23 23:13 Author: securityboulevard.com


Expel launched Managed SIEM on Monday at RSAC 2026, a co-managed service that puts the company’s detection engineers directly inside customers’ Microsoft Sentinel and Splunk Enterprise Security environments.

The service is designed to address what Expel calls a fundamental mismatch between what SIEMs promise and what security teams actually end up spending time on. Most organizations buy SIEMs to detect threats, but find themselves consumed instead by rule tuning, data ingestion management, and ongoing administration.

“Organizations didn’t spend millions on SIEMs to waste endless hours administering them; they bought them to detect threats and protect the business,” said Justin Bajko, Chief Strategy Officer at Expel. “Too many teams are consumed by the day-to-day grind of keeping their SIEM running instead of using it to actually secure their organization. Our Managed SIEM service takes that tedious management out of the hands of our customers’ SOCs, so they can focus their efforts on what actually matters.”

The service is available in two tiers. Detection Engineering provides ongoing, structured detection support: Expel reviews existing rules, evaluates coverage against threat scenarios, and reduces noise. Performance Engineering goes deeper, with a co-managed model where Expel actively monitors SIEM health, builds automation, and optimizes ingestion costs alongside the customer team.

The offering does not require customers to buy their SIEM through Expel, and the company says it doesn’t profit from increased data volume. In fact, Expel actively recommends ways to reduce ingestion costs. Every detection rule Expel writes belongs to the customer, with no proprietary formats or lock-in.

The service also integrates SIEM alerts directly into Expel’s 24×7 MDR investigation and response workflows, and includes quarterly business reviews showing detection efficacy. Customers can see every rule, every filter, and every tuning decision in real time.

Expel Managed SIEM follows a successful beta program and is generally available now as an add-on to Expel MDR. The Detection Engineering subscription is priced by the number of attack surfaces and log sources. Performance Engineering is scoped and quoted per project. No platform migration is required.


Source: https://securityboulevard.com/2026/03/expel-launches-managed-siem-to-take-detection-engineering-off-security-teams-plates/