SIEM Module is one of the strongest features of Energy Logserver. We have all the logs that allows us to perform deep security analysis. We store all Your logs, we agregate, predict, react and delvier full picture of all threads inside You infrastructure. Siem Module is made on the top of Wazuh, which is one of the strongest opensource security projects. That is right, the community can react much faster than any other vendor and we cover that with our professional support.
SIEM Features :
- Host Based Intrusion Detection System
- Running proceses analysis
- Operating system settings, kernel and network parameters controll
- Service settings controll
- File Integrity check, config files indexing
- Hidden files analysis
- Community driver early stage secutiry threads detection
- Internal policy checks
SIEM Module is an optional part of Energy Logserver which is covered with our best proffesional support.
Host Intrusion Detection System
SIEM Module will continuosly detect any security annomaly inside Your operating system.With automatic host scans, alerts rules correlation and intensive log colletion with deliver detailed view for all security relevant data. Deep scans are performed by SIEM agent that is rich with SIEM capabilities:
- File integrity monitoring
We detect file system changes, track content modification, detect permission and ownership changes along with checking all other file attributes. All incidents are automaticly delivered to Energy Logserver Index.
- Intrusion and anomaly detection
Community driven rulesets and corelations makes the Agent possible to detect unwanted software in Your infrastructure. SIEM will detect malware, rootkits or suspicious software accross all platforms, its services, hidden files and network traffic.
- Automated log analysis
Like Beats our SIEM Agent can read system logs and application logs performing security correlation. Alerting ruleset consist of application based definitions that covers common software like:
apache, apparmor, asterisk, cisco-ios, dovecot, firewalld, antivirus, mysql, named, Exchange, dhcp, ngnix, php, potfix, smbd, sonicwall, spamd, vmware, web rules, wordpress
- Policy and compliance monitoring
Once You set a own policy SIEM will controll all platform settings for critical components like : password rules, services configuration, tunelling, kernel parameters. Starting from now, We will assure that corporate security policy is met globaly, accross all running systems.