LogSentinel SIEM Overview
LogSentinel SIEM is a next-generation security information and event management system that serves as your organization's security center, monitoring all digital assets and enabling threat detection and response.
LogSentinel SIEM works and provides value by:
- Ingesting security logs and events from any data source:
  - Network appliances
  - Infrastructure-as-a-Service (AWS, Azure, GCP)
  - Databases, including native audit logs
  - Custom and legacy applications
  - Anything that writes to a file, database, or syslog
- Detecting threats and other anomalies in the collected data by applying:
  - Correlation rules (specifying detailed sequences of potentially malicious steps)
  - Statistical rules (e.g. accounting for the standard deviation over a monitored period)
  - Machine learning (unsupervised) for anomaly detection
  - User and entity behavior analytics and risk scoring
  - Threat intelligence feeds
  - Phishing detection algorithms
- Responding to detected threats through:
  - Search and forensic capabilities for thorough investigations
  - Automated, flexible alerting
  - Execution of custom scripts
  - Integration with multiple automation solutions (SOAR, Ansible)
  - Agent-based incident response leveraging OSSEC capabilities
- Guaranteeing the integrity of all collected logs by using the cryptographic building blocks of blockchain:
  - No log entry can be modified or deleted
  - There is cryptographic proof that the logs are untampered
- Covering compliance requirements of multiple standards and regulations (PCI-DSS, ISO 27001, GDPR, PSD2, HIPAA, GLBA, SOX)
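To make the log-integrity guarantee above concrete, here is an added Python illustration of the hash-chaining idea that such "blockchain building blocks" rest on; it is not LogSentinel's code, and the page does not describe the product's exact scheme. Each entry commits to the hash of its predecessor, so re-verifying the chain pinpoints where an entry was edited or removed; the sample events and the GENESIS sentinel are constructed for the demo.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed sentinel standing in for the first entry's predecessor

def entry_hash(prev_hash: str, record: dict) -> str:
    """sha256(prev_hash || canonical JSON of record): the link to the previous entry."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()

def append(chain: list, record: dict) -> str:
    """Append a record linked to the current head; return the new head hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})
    return chain[-1]["hash"]

def verify(chain: list, expected_head=None) -> tuple:
    """Recompute every link; return (ok, index of the first bad entry or None).
    Edits and removals break the link at or right after that position. Dropping
    entries from the tail is only caught when the caller supplies the head hash
    it recorded out of band, so keep that head outside the store it protects."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["record"]):
            return False, i
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None

def demo() -> dict:
    """Constructed sample events; shows how edits, deletions and truncation are caught."""
    events = [
        {"ts": "2024-01-01T10:00:00Z", "actor": "alice", "action": "login"},
        {"ts": "2024-01-01T10:00:05Z", "actor": "alice", "action": "read", "object": "payroll.db"},
        {"ts": "2024-01-01T10:00:09Z", "actor": "alice", "action": "delete", "object": "payroll.db"},
    ]
    chain, head = [], GENESIS
    for ev in events:
        head = append(chain, ev)
    edited = json.loads(json.dumps(chain))  # deep copy, then rewrite the delete as a read
    edited[2]["record"]["action"] = "read"
    return {
        "clean": verify(chain, head),
        "edited": verify(edited, head),
        "removed": verify(chain[:1] + chain[2:], head),  # middle entry dropped
        "truncated_no_head": verify(chain[:2]),  # tail dropped, no external head
        "truncated_with_head": verify(chain[:2], head),
    }
```

The last two results are the practical caveat: a chain alone cannot prove that its newest entries were not discarded, which is why the current head hash must be anchored somewhere the log store itself cannot rewrite.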
You can install the LogSentinel Collector on premise to gather and send your logs securely to Amazon Web Services (AWS), where the LogSentinel SIEM is hosted. If you have data localization requirements, we are happy to accommodate those, relying on AWS data centers.
The powerful dashboard provides both an overview of all activity within the organization and the ability to drill down to a specific application, time, user, or type of action, giving the security team a complete overview of activities in the IT infrastructure.
Unified security center
Track user activity, network resources, applications, databases and cloud services. LogSentinel SIEM normalizes data to a standard format, groups identical entries, performs custom-defined parsing, enriches it with threat data and then stores it and indexes it for flexible searches and drill-downs based on actors, actions performed and other criteria, including full-text search.
Get alerted for suspicious activity
Using rules, statistics and machine learning, LogSentinel SIEM alerts you when suspicious or anomalous activity is detected in any system or network, or in a combination of systems and networks.
In the event of a threat or a security incident, security teams or IT staff can quickly navigate through the data to find the root cause and the sequence of steps the malicious actor has taken.