redborder, as an information-gathering solution, has specific functions for receiving and processing the logs produced by computer systems, above all security and networking equipment.
This component, like the others, builds on the general characteristics of the redborder platform:
Collection of logs from any source, analysis, indexing, correlation, processing, a unified repository of information, multiple configurations...
Custody of the gathered information and aggregation over configurable time windows, timestamping, hashing, implementation of security mechanisms, compliance reports (HIPAA, GLBA, PCI DSS, SOX, FISMA, ISO 27001), auditing of user activity.
Centralised administration, configuration and auditing.
Although the log collection component shares characteristics with the others, fundamental elements of its design and use stem from the need for regulatory compliance. It therefore also has the following capabilities:
Every log that arrives in the system is given a timestamp that records the exact moment of receipt. The internal system clock is used for this; it can be synchronised with an NTP time service, or an ultra-precise time signal based on GPS hardware can be incorporated.
To prevent alteration or modification of the stored logs, every entry is signed with a lightweight algorithm using the server's own digital certificate. If the user wishes, blocks of logs can additionally be signed in a more robust manner, and the signature can even be sent to an external custody service (additional cost).
redborder makes extensive use of an OLAP database to store the data that is then displayed. However, this database stores only the key fields, which are also aggregated over time. Therefore, unlike the rest of the components, logs are stored twice: a reduced version in the OLAP database and the original version in a distributed file system.