SIEM Log Collection and Correlation

Every device in today’s computing environment can write its events to a log file, and these files need to be monitored daily. The log files will quickly show the administrator that an attack is under way.

But we are all human; it is impossible to read your logs every day and still perform the day-to-day work that is required of you.

  • Do you read through all the events in your log file on a daily basis? YES / NO
  • Do you investigate all the event ID’s that are found in the log files? YES / NO
  • Do you keep your log files for forensic investigation in a specific location? YES / NO

If you answered NO to any of the above questions, you need to look at a “Log Management” solution. Your event logs need to be collected from all servers, network devices, desktops, firewalls and web equipment, and these logs need to be correlated. Without event log correlation you will not detect that “bot-net” in your network.
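As an added illustration (not part of this page or of the AlienVault product), here is a minimal cross-source correlation in Python over constructed firewall and proxy log lines: each device's log on its own shows nothing unusual, but once both are normalized into one event stream, several internal hosts contacting the same external address inside a short window stand out. The log formats, addresses and thresholds are all assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records from two device types (not real logs):
# a firewall accepting outbound connections and a web proxy recording requests.
FIREWALL_LOG = """\
2024-05-01T09:00:05 fw01 ACCEPT src=10.0.1.15 dst=203.0.113.9 dport=443
2024-05-01T09:00:07 fw01 ACCEPT src=10.0.1.22 dst=198.51.100.20 dport=443
2024-05-01T09:02:11 fw01 ACCEPT src=10.0.2.40 dst=203.0.113.9 dport=443
"""
PROXY_LOG = """\
2024-05-01 09:03:02 10.0.3.8 GET http://203.0.113.9/c2/ping 200
2024-05-01 09:04:45 10.0.1.22 GET http://example.org/index.html 200
2024-05-01 09:05:30 10.0.3.9 GET http://203.0.113.9/c2/ping 200
"""

FW_RE = re.compile(r"^(\S+) \S+ ACCEPT src=(\S+) dst=(\S+)")
PROXY_RE = re.compile(r"^(\S+ \S+) (\S+) \S+ https?://([^/\s]+)")


def normalize(raw, pattern, ts_fmt, source):
    """Parse one device's log into common (time, src, dst, source) tuples."""
    events = []
    for line in raw.splitlines():
        m = pattern.match(line)
        if not m:
            continue  # unparsed lines are skipped, not silently merged
        ts, src, dst = m.groups()
        events.append((datetime.strptime(ts, ts_fmt), src, dst, source))
    return events


def correlate(events, min_hosts=3, window=timedelta(minutes=10)):
    """Flag destinations contacted by >= min_hosts distinct internal hosts
    inside one time window, across every collected source.
    Returns {dst: sorted list of internal hosts}."""
    by_dst = defaultdict(list)
    for ts, src, dst, _ in sorted(events):
        by_dst[dst].append((ts, src))
    findings = {}
    for dst, hits in by_dst.items():
        for i, (start, _) in enumerate(hits):
            hosts = {s for t, s in hits[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                findings[dst] = sorted(hosts)
                break
    return findings


def run_example():
    fw = normalize(FIREWALL_LOG, FW_RE, "%Y-%m-%dT%H:%M:%S", "firewall")
    px = normalize(PROXY_LOG, PROXY_RE, "%Y-%m-%d %H:%M:%S", "proxy")
    # Each source alone stays below the threshold; combined, they cross it.
    return correlate(fw), correlate(px), correlate(fw + px)
```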

That is why G.T.S.P. offers you AlienVault®. This Security Intelligence Platform delivers an intelligent, integrated and automated security solution that provides complete, 360° security intelligence across your entire network, no matter how large or small.

– Unified collection, aggregation and analysis architecture for application logs, security events, vulnerability data, IAM data, configuration files and network flow telemetry.
– A common platform for all searching, filtering, rule writing, and reporting functions.
– A single user interface for all log management, risk modeling, vulnerability prioritization, incident detection and impact analysis tasks.
– Real-time monitoring that can provide immediate notification of high-risk or known bad conditions.
– Monitoring for targeted-attack detection is more effective when real-time monitoring is augmented by activity analysis reports that are focused on specific domains and distributed to the domain experts in the network, server, database and application support areas for “lean forward” examination.
– Behavioral profiling and the addition of threat intelligence data can improve the effectiveness of breach detection.