MaxPatrol SIEM

MaxPatrol Security Information and Event Management provides 360° visibility into infrastructure and detects security incidents. It is regularly updated with knowledge from Positive Technologies experts and adapts effortlessly to network changes.


Identifies the most relevant threats

The system regularly receives fresh knowledge about how to detect new threats in the form of expertise packages. This allows users to detect attack techniques and tactics before serious consequences occur.

Gives full visibility of IT infrastructure

MaxPatrol SIEM is based on a unique IT asset management technology (security asset management). With it, MaxPatrol SIEM collects data about everything on the network in both active and passive modes, making the IT infrastructure transparent to the information security operator.

Takes into account changes in infrastructure

Accurately identifies IT assets even in an ever-changing landscape and adapts asset groups to network changes. This makes it easier to configure correlation rules and to continuously monitor running systems that have outdated software or share the same vulnerabilities.

Lowers the threshold for entering the SIEM world

We are constantly simplifying the product so that even a beginner can deploy MaxPatrol SIEM, work with it and detect threats. For example, over the past two years, the product has introduced a regular supply of expertise packages, a system setup checklist, a correlation rules constructor, and functionality to quickly reduce the number of false positives.



  1. Regularly receives fresh expert knowledge to identify current threats
  2. Controls the relevance of data on IT infrastructure
  3. Monitors the state of information security in large hierarchical infrastructures
  4. Controls the quality of system settings using a checklist
  5. Allows you to create your own correlation rules using a flexible constructor
  6. Controls the operation of information security event sources
  7. Assesses the level of organization security and the effectiveness of information security processes using the PT SIP module


Why is MaxPatrol SIEM better than its competitors?

Leading domestic SIEM solution. The product has been implemented in more than 250 industrial, transport, and financial companies, in the private and public sectors, and in government. According to IDC research, MaxPatrol SIEM is one of the top three leaders in the Russian SIEM market. Other domestic SIEM systems occupy no more than 6% of the market.

Regularly receives expertise to detect threats. Once every two months, MaxPatrol SIEM is updated with expertise packs containing new correlation rules, indicators of compromise, and playbooks.

Knows the most pressing threats to Russia. Expertise in the product is the result of our investigations of complex incidents, the study of new threats and methods of hacking Russian companies, as well as monitoring the activities of all major hacker groups in Russia and the CIS.

Developing rapidly. We ship two releases a year, regularly introduce new technologies, and constantly expand the product development team.

Complies with information security requirements. Helps to comply with the requirements of laws No. 152-FZ, 161-FZ, 187-FZ, FSTEC orders No. 21, 17 and 31, STO BR IBBS, RS BR IBBS-2.5-2014, GOST R 57580.1-2017, and the international standard PCI DSS.


About Positive Technologies

Positive Technologies is a leading global provider of information security solutions. Over 2,300 organizations worldwide use technologies and services developed by our company. Positive Technologies is the first and only company in Russia to go public on the Moscow Exchange (MOEX: POSI).

For 20 years, our mission has been to counter hacker actions before unacceptable damage is done to a business or entire industries.

Our new class of solutions—metaproducts—focuses on the results-oriented approach to cybersecurity. Metaproducts detect and stop attacks in automatic mode with the help of just one person. Positive Technologies’ first metaproduct, MaxPatrol O2, automatically detects and prevents attacks before unacceptable damage is done to the company. MaxPatrol O2 can replace the entire team of a security monitoring center, and it only takes one person to manage it; all in all, this protection system requires minimum knowledge and effort from a specialist.

To demonstrate that the results-oriented approach to information security truly works, we conduct cyberexercises (on our own infrastructure as well as others’) and publicly test our products. Our solutions are based on the research experience and expertise of several hundred information security experts.