Log Analysis & Alerting
Real-time Alerting and Advanced Reporting functions
The built-in log analysis engine automatically detects critical events and notifies the operator. Monitored events include an ongoing attack, a compromised system, a system breakdown or a user authentication.
Event Normalization. Events from every source are normalized into one generic data format, which makes correlation, reporting and searching across sources far more effective.
Real-time Log Analysis. Automatically detects system errors, attacks, network issues, failing backup routines, user authentications, security modifications and much more.
Event Correlation. Events are correlated across multiple log sources to detect malicious behavior.
Rule Updates. Registered products automatically receive new log intelligence and correlation rules every 15 minutes. The rule database is accessible to the user, who can create new rules or edit existing ones.
Log Aggregation. Events are aggregated into threat categories and summarized.
Trend Analysis. Multiple trend and statistical analysis views are integrated.
Impact Measurement. Each security event is weighted against the affected asset's risk values. The weight is calculated from the event's threat index and the asset's confidentiality, integrity and availability values, so the same event scores higher on a critical asset than on a low-value one.
Supported Log Intelligence. LogInspect supports a wide range of commercial and open source log sources. This ranges from Microsoft and various UNIX platforms to security and network equipment to applications.
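The following is an added example, not LogInspect code, of the normalize, correlate and impact-weight steps described above run over a few constructed log lines. It assumes two log formats (a Linux sshd line and a Windows-style audit line with EventID 4624/4625), a correlation rule of three or more failed logins from one source IP across any log source followed by a success from that IP, a threat index of 8 on an assumed 1 to 10 scale for that rule, and an assumed weighting of threat index times the sum of the asset's C/I/A values (1 to 5 each). The asset values, the formula and the log lines are all constructed for the demonstration.

```python
"""Added example (not LogInspect code): normalize two log formats into one
event shape, correlate them across sources, and weight each hit against the
target asset's constructed C/I/A values."""
import re
from collections import defaultdict

# Constructed sample lines: Linux sshd syslog and a Windows-style audit record.
SAMPLE_LOGS = [
    "Mar 10 10:00:01 web01 sshd[1201]: Failed password for root from 203.0.113.5 port 50001 ssh2",
    "Mar 10 10:00:03 web01 sshd[1202]: Failed password for root from 203.0.113.5 port 50002 ssh2",
    "Mar 10 10:00:05 web01 sshd[1203]: Failed password for root from 203.0.113.5 port 50003 ssh2",
    "Mar 10 10:00:09 web01 sshd[1204]: Accepted password for root from 203.0.113.5 port 50004 ssh2",
    "2024-03-10T10:00:04Z dc01 EventID=4625 TargetUserName=admin IpAddress=203.0.113.5",
    "2024-03-10T10:00:12Z dc01 EventID=4624 TargetUserName=admin IpAddress=203.0.113.5",
    "Mar 10 10:01:00 web01 sshd[1205]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2",
]

# Constructed asset table: confidentiality / integrity / availability on a 1-5 scale.
ASSETS = {
    "web01": {"C": 2, "I": 2, "A": 3},
    "dc01": {"C": 5, "I": 5, "A": 5},
}

# Assumed threat index (1-10) per correlation rule.
THREAT_INDEX = {"brute_force_success": 8}

SSHD_RE = re.compile(
    r"^\w{3} +\d+ (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
WINEVT_RE = re.compile(
    r"^\S+T(?P<time>\d\d:\d\d:\d\d)Z (?P<host>\S+) EventID=(?P<eid>\d+) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<src>\S+)"
)


def _seconds(hhmmss):
    """Demo simplification: compare on time of day only (syslog has no year)."""
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s


def normalize(line):
    """Map one raw line onto the generic event shape; None if the format is unknown."""
    m = SSHD_RE.match(line)
    if m:
        action = "auth_success" if m["result"] == "Accepted" else "auth_failure"
        return {"ts": _seconds(m["time"]), "host": m["host"], "user": m["user"],
                "src": m["src"], "action": action, "source": "sshd"}
    m = WINEVT_RE.match(line)
    if m:
        action = {"4624": "auth_success", "4625": "auth_failure"}.get(m["eid"])
        if action is None:
            return None
        return {"ts": _seconds(m["time"]), "host": m["host"], "user": m["user"],
                "src": m["src"], "action": action, "source": "windows"}
    return None


def correlate(events, threshold=3, window=60):
    """Rule: >= threshold auth_failure events from one source IP (any host, any
    log source) within `window` seconds, followed by an auth_success from that IP."""
    failures = defaultdict(list)  # src IP -> timestamps of failed logins
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["action"] == "auth_failure":
            failures[e["src"]].append(e["ts"])
        elif e["action"] == "auth_success":
            recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "brute_force_success", "src": e["src"],
                               "host": e["host"], "user": e["user"],
                               "failures": len(recent), "ts": e["ts"]})
    return alerts


def impact(alert, assets=ASSETS):
    """Assumed weighting: threat index times the sum of the asset's C/I/A values.
    Unknown assets get the minimum value on every axis."""
    a = assets.get(alert["host"], {"C": 1, "I": 1, "A": 1})
    return THREAT_INDEX[alert["rule"]] * (a["C"] + a["I"] + a["A"])


def analyze(lines=SAMPLE_LOGS):
    """Full pipeline: normalize, correlate, weight, and rank by impact."""
    events = [e for e in map(normalize, lines) if e]
    alerts = correlate(events)
    for al in alerts:
        al["impact"] = impact(al)
    return sorted(alerts, key=lambda a: a["impact"], reverse=True)


if __name__ == "__main__":
    for a in analyze():
        print(a)
```

The same burst of failures produces two alerts, but the domain controller success is ranked first because its C/I/A values are higher; the later key-based login from a different address has no preceding failures and raises nothing.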
The integrated Network Abnormally Detection Engine (NADE) processes and analyzes firewall network communication sessions in real time. This makes it easy to extract network flow reports about who communicated with what, when and where. A further benefit is that malicious network communication behavior stands out in the trend analysis.
Network Flow Analysis. Our Network Abnormally Detection Engine (NADE) performs real-time network flow analysis.
Network Flow Trends. Reports are generated for the top blocked, allowed and combined network flows, broken down by source and destination connections, source and destination services, and destination IP protocol.
Network Flow Searching. Advanced searching has been integrated to extract reports about who communicated with what, when and where.
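Added example, not NADE or LogInspect code, showing how firewall session records can be turned into the flow-trend tables and the who/what/when/where search described above, with one extra view (a source denied to many distinct destinations) as the kind of pattern that stands out in a trend. The session lines are constructed in a generic key=value shape; real firewall export formats differ and would need their own parser.

```python
"""Added example (not NADE code): top blocked / allowed / combined flow
tables, a field search, and a simple scan indicator over firewall sessions."""
import re
from collections import Counter, defaultdict

# Constructed firewall session records in a generic key=value layout.
SESSIONS = [
    "ts=10:00:01 action=allow proto=tcp src=10.0.0.5 dst=203.0.113.10 dport=443",
    "ts=10:00:02 action=allow proto=tcp src=10.0.0.5 dst=203.0.113.10 dport=443",
    "ts=10:00:02 action=deny  proto=tcp src=198.51.100.9 dst=10.0.0.5 dport=445",
    "ts=10:00:03 action=deny  proto=tcp src=198.51.100.9 dst=10.0.0.6 dport=445",
    "ts=10:00:03 action=deny  proto=tcp src=198.51.100.9 dst=10.0.0.7 dport=445",
    "ts=10:00:04 action=allow proto=udp src=10.0.0.8 dst=10.0.0.1 dport=53",
    "ts=10:00:05 action=deny  proto=icmp src=198.51.100.9 dst=10.0.0.5 dport=0",
    "ts=10:00:06 action=allow proto=tcp src=10.0.0.9 dst=203.0.113.10 dport=443",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Split one key=value session line into a typed record."""
    rec = dict(FIELD_RE.findall(line))
    return {"ts": rec["ts"], "action": rec["action"], "proto": rec["proto"],
            "src": rec["src"], "dst": rec["dst"], "dport": int(rec["dport"])}


def top_flows(records, dimension, action=None, n=5):
    """Top-n flows along one dimension: 'connection' (src->dst pair),
    'service' (proto/dport) or 'protocol'. action=None is the combined view;
    'allow' or 'deny' restricts to allowed or blocked sessions."""
    keyers = {
        "connection": lambda r: f"{r['src']}->{r['dst']}",
        "service": lambda r: f"{r['proto']}/{r['dport']}",
        "protocol": lambda r: r["proto"],
    }
    key = keyers[dimension]
    counts = Counter(key(r) for r in records
                     if action is None or r["action"] == action)
    return counts.most_common(n)


def search(records, **criteria):
    """Who communicated with what, when and where: records matching every
    given field, e.g. search(records, src="198.51.100.9", dport=445)."""
    return [r for r in records
            if all(r.get(k) == v for k, v in criteria.items())]


def scan_candidates(records, min_targets=3):
    """Sources whose blocked sessions reach at least min_targets distinct
    destinations: the shape a horizontal scan leaves in the blocked-flow trend."""
    targets = defaultdict(set)
    for r in records:
        if r["action"] == "deny":
            targets[r["src"]].add(r["dst"])
    return sorted(((src, len(d)) for src, d in targets.items() if len(d) >= min_targets),
                  key=lambda item: item[1], reverse=True)


def flow_report(lines=SESSIONS):
    """Build the trend views the section lists from raw session lines."""
    records = [parse(line) for line in lines]
    return {
        "top_blocked_connections": top_flows(records, "connection", "deny"),
        "top_allowed_services": top_flows(records, "service", "allow"),
        "top_protocols_combined": top_flows(records, "protocol"),
        "scan_candidates": scan_candidates(records),
    }


if __name__ == "__main__":
    for name, rows in flow_report().items():
        print(name, rows)
```

Counter.most_common keeps insertion order among equal counts, so ties in a top-N table come out in first-seen order; a production report would normally break ties on bytes or session duration, which these constructed records do not carry.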
