LogInspect Features
Rich Functionality
Easy-to-Use. LogInspect is designed with simplicity in mind, and even complex features such as Event Correlation have been made easy to use. We believe that simplicity is the core of making a product like LogInspect really usable. Collected information is more valuable if it can be presented and reached with less effort. LogInspect presents information in a structured overview that allows users to quickly spot new trends and drill down into the relevant information.
C-I-A Impact Scoring. We have implemented the well-known C-I-A model (Confidentiality, Integrity and Availability) directly in our core product. LogInspect calculates a threat impact score for every event detected. This allows people to apply the Risk Assessment model directly in IT Security Operations and focus on the most important threats first.
Scalable Solution. Multiple LogInspect units can cooperate in a distributed environment together with the Centralized Threat Analysis System (CTAS). This scalable design is useful for enterprises with remote offices that need a centralized overview.
Notifications & Responses. System owners can receive e-mail notifications when critical events are detected. This is user-definable, so users can select the threat level they want to be notified about. LogInspect Active Response gives you the opportunity to trigger an automatic system response when an event occurs. An example could be blocking an IP in the firewall or disabling a user account automatically.
Modular Reports. The integrated report engine enables customized reporting. Reports can be scheduled so they are ready in a mailbox every month for analysis, or predefined templates can be used. The templates cover a number of reports commonly used for compliance and security requirements.
Compatibility. LogInspect is designed to collect data using open protocols (e.g. Syslog and SNMP) and is consequently compatible, out of the box, with most systems on the market.
Advanced Analysis. LogInspect comes with two advanced detection engines. The first is the Event Correlation engine, which detects patterns of events: for example, "multiple failed user account logins" followed by "a successful login" from the same user will trigger an "Attempted Bruteforce Login" event. The second is NADE (Network Abnormally Detection Engine), which can trigger an event on patterns detected in the network flow. An example is "Possible infected Spam Host", detected just by looking at the network communication behaviour.
Open Rule Framework. The framework used to create rules is open to all users, which allows rules to be created and shared across the LogInspect community. Whether it is a Correlation, Log Signature or NADE Signature rule, everything is customizable. Even the ImmuneSecurity Certified Signatures are open.
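The correlation pattern named under Advanced Analysis (several failed logins followed by a successful login from the same user), written out in Python as an added example; this is not LogInspect's rule syntax or code. The failure threshold, the five-minute window, the event tuple format and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 3             # assumed: failures needed before a success is suspicious
WINDOW = timedelta(minutes=5)  # assumed: how long a failure stays relevant

# Constructed sample events (ISO timestamp, user, outcome); not real product data.
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "carol", "fail"),
    ("2024-01-01T09:00:05", "carol", "fail"),
    ("2024-01-01T09:00:10", "carol", "fail"),
    ("2024-01-01T09:30:00", "carol", "success"),  # failures are too old to count
    ("2024-01-01T10:00:00", "alice", "fail"),
    ("2024-01-01T10:00:10", "alice", "fail"),
    ("2024-01-01T10:00:20", "alice", "fail"),
    ("2024-01-01T10:00:30", "alice", "success"),  # matches the pattern
    ("2024-01-01T10:01:00", "bob", "fail"),
    ("2024-01-01T10:01:05", "bob", "success"),    # a single typo, below threshold
    ("2024-01-01T10:02:00", "dave", "fail"),
    ("2024-01-01T10:02:01", "dave", "fail"),
    ("2024-01-01T10:02:02", "dave", "fail"),      # failures only, no success
]

def correlate(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return an alert for each successful login that follows at least
    `threshold` failed logins by the same user within `window`."""
    recent_fails = defaultdict(deque)  # user -> timestamps of recent failures
    alerts = []
    for ts_text, user, outcome in sorted(events):  # ISO strings sort by time
        ts = datetime.fromisoformat(ts_text)
        fails = recent_fails[user]
        while fails and ts - fails[0] > window:    # expire old failures
            fails.popleft()
        if outcome == "fail":
            fails.append(ts)
        elif outcome == "success":
            if len(fails) >= threshold:
                alerts.append({"event": "Attempted Bruteforce Login",
                               "user": user, "time": ts_text,
                               "failed_attempts": len(fails)})
            fails.clear()  # a success ends the sequence for this user
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Keeping the failure state per user and expiring it by time is what separates a correlated event from a plain failed-login counter: old failures and isolated typos do not raise the alert.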
