IBM

Supports various protocols for log collection, and provides uDSM (Universal Data Source Module), a user-defined log format for collecting, analyzing, and searching unsupported logs.
For syslog format logs that are supported by default, the Auto-Discovery function is supported, which automatically parses the format and registers the data source when logs are transmitted without a separate registration process.

Profiles and manages asset information identified through logs, flows, vulnerability diagnostics, etc., using managed asset information for correlation analysis, event tracking, and vulnerability information profiling.

Provides comprehensive correlation analysis rules and rule sets that analyze and interpret collected information such as logs, flows, and vulnerability information in real-time from various aspects.

In addition to correlation analysis, provides real-time Network Anomaly Behavior Detection (NBAD) functionality based on learned data.
Uses NBAD to respond to unknown attacks.

Provides a centralized web-based UI and dashboard.
Administrators/users connect to the UI using a browser to simultaneously perform monitoring and management activities.