Meet Salem
The Virtual Cyber Analyst
The best way to remove false positives from your SOC

What it is

Salem is a platform that learns to analyze your cyber alerts to recommend which are false positives and which are likely threats.

Why it matters

It's tough to get value from many of the cyber threat detection tools you've bought. Anti-virus, network monitoring, security information and event management (SIEM), and behavior analytics -- they all serve a necessary role but are burdened with false positives.

A virtual analyst removes false positives, leaving you with the actionable alerts.

Different than SOAR

Security orchestration and automated response (SOAR) tools are great aids to hard-code analyst tasks.

A virtual analyst learns what's important to your business and makes decisions to eliminate false positive alerts before they go to the Security Operations Center (SOC).

How Salem Works

1. Send Salem Alerts from your existing tools

Salem collects alerts from your SIEM or other detection tools. Send Salem alerts from your new, difficult to tune, out-of-the-box, and/or compliance driven use cases.

2. Salem triages alerts to find and close false positives

Salem is pre-trained to think like a SOC analyst. Salem:
    - reads and understands alert detail
    - classifies what threat has been identified
    - adds additional context
    - decides if an alert is likely to be a false-positives.

Salem does the triage so your SOC can start monitoring 100's of new threat detection use cases.

3. Salem talks to you in your Microsoft Teams Chat

Salem periodically asks your SOC team simple questions about the alerts it sees to uncover institutional knowledge that can be reused to analyze future alerts. Salem learns what's important to your organization to better identify the alerts that aren't.

Integrate Salem with your SIEM

Send Salem alerts from your existing tools, including popular SIEM platforms
Splunk Logo
Splunk Enterprise Security
Azure Sentinel Logo
Microsoft Azure Sentinel
Microsoft Defender

Find Salem in the Azure Marketplace

Salem is a solution for your entire cyber footprint, but you get it in Azure to keep control over your data
See Salem in Action

Who Uses Salem...

Overwhelmed SOCs

Cyber analysts are often presented with similar threat use cases and asked to make repetitive decisions, which can lead to burnout. Learn how Salem's pre-trained AI can reduce false positives before they go to SOC analysts.
Learn More

Blue Teams

Are you a blue teamer needing to quickly get emerging threat use cases into production? Salem helps mature blue teams become more agile by triaging alerts from use cases still being tuned.
Learn More

Application Teams

Are you an app development or IT team that has enabled security monitoring but doesn't have anyone to review the alerts? Salem Can help!
Learn More

Salem deploys in your Azure Subscription

Salem is a solution for your entire cyber footprint, but you get it in Azure to keep control over your data
Get Salem in Azure

Salem Cyber FAQs

What is Salem?
What does Salem do?
How does Salem work?
What kinds of threats does Salem investigate?
What level of effort is needed from my team?
How do I get started?
Friends of Salem Newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.