SIEM / Logs

redborder, as an information-gathering solution, has dedicated functions for receiving and processing the logs produced by computer systems, above all by security and networking equipment.

Like the other components, this one builds on the general characteristics of the redborder platform.

Characteristics

  Management of Logs

Collection of logs from any source; analysis, indexing, correlation and processing; a unified information repository; multiple configurations.

  Exploitation of the information

Search, monitoring and analysis of the data generated by any log source.

Forensic analysis.

Graphic representation of the information.

Automatic responses to diagnostics and queries.

Drill down.

Real-time and past metric reports.

Generation of Alerts.

Alarm emission.

  Compliance

Custody of information gathered and aggregation by configurable times, Timestamping, Hashing, Implementation of security mechanisms, compliance reports (HIPAA, GLBA, PCI DSS, SOX, FISMA, ISO27001), auditing of user activity.

  Platform

Data intake in real time.

Data access, availability of different profiles, administration via GUI.

Horizontal scaling.

Automatic recovery.

Administration, configuration and centralised auditing.


Capacities

Although the log collection component shares characteristics with the others, fundamental elements of its design and use stem from the need for regulatory compliance. It therefore also has the following capacities:

  Timestamping

Every log that arrives in the system is given a timestamp that records the exact moment of receipt. The internal system clock is used for this; it can be synchronised with an NTP time service, or a high-precision GPS-based hardware time source can be added.

  Hashing

To detect alteration or modification of the stored logs, every entry is signed with a lightweight algorithm using the server's own digital certificate. If the user wishes, blocks of logs can be signed in a more robust manner, and the signature can even be sent to an external custody service (at additional cost).
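The receipt timestamping and per-entry integrity protection described above, as an added example that is not redborder's code and does not document its actual algorithms: each entry is stamped with a timezone-aware UTC receipt time from the system clock, tagged with an HMAC-SHA256 chained to the previous entry's tag (the assumed "light" per-entry mechanism, keyed from the server's own key material), and a block root over a range of tags is computed as the compact value one would sign more robustly or hand to an external custody service. The key, the syslog lines and the `demo_tamper_detection` scenario are constructed for the example.

```python
"""Tamper-evident log ingest: receipt timestamps plus a keyed hash chain.

Added illustration, not redborder code. HMAC-SHA256 per-entry tags, the
chaining scheme and the block root are assumptions about how such a
feature can be built; the page does not specify redborder's algorithms.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Constructed key standing in for key material derived from the server's
# own certificate/private key (assumption; never hard-code this in production).
SERVER_KEY = b"constructed-server-key-for-demo-only"

# Constructed sample syslog lines, not real captures.
SAMPLE_LINES = [
    "<34>Jan  1 12:00:00 fw01 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.5 DPT=22",
    "<34>Jan  1 12:00:01 fw01 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.5 DPT=23",
    "<85>Jan  1 12:00:02 bastion sshd[4242]: Failed password for root from 203.0.113.9",
]


def receipt_timestamp(now: Optional[datetime] = None) -> str:
    """UTC receipt time (ISO 8601) from the NTP-synchronised system clock."""
    now = now or datetime.now(timezone.utc)
    if now.tzinfo is None:  # a naive clock makes ordering across sources ambiguous
        raise ValueError("receipt timestamp must be timezone-aware")
    return now.astimezone(timezone.utc).isoformat(timespec="microseconds")


def _canon(entry: Dict) -> bytes:
    """Canonical JSON so an entry always serialises (and hashes) the same way."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


class LogChain:
    """Each entry's tag covers the previous entry's tag, so editing, deleting
    or reordering any stored entry breaks verification from that point on."""

    GENESIS = "0" * 64

    def __init__(self, key: bytes = SERVER_KEY):
        self._key = key
        self.entries: List[Dict] = []

    def ingest(self, raw: str, now: Optional[datetime] = None) -> Dict:
        prev = self.entries[-1]["tag"] if self.entries else self.GENESIS
        body = {"seq": len(self.entries), "received": receipt_timestamp(now),
                "raw": raw, "prev": prev}
        # "Light" per-entry integrity tag: HMAC-SHA256 over the canonical body.
        body["tag"] = hmac.new(self._key, _canon(body), hashlib.sha256).hexdigest()
        self.entries.append(body)
        return body

    def verify(self) -> Optional[int]:
        """Return the seq of the first bad entry, or None if the chain is intact."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev:
                return i
            body = {k: v for k, v in e.items() if k != "tag"}
            tag = hmac.new(self._key, _canon(body), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(tag, e["tag"]):
                return i
            prev = e["tag"]
        return None

    def block_root(self, start: int, end: int) -> str:
        """SHA-256 over the tags of entries [start, end): the compact value to
        sign more robustly or send to an external custody service."""
        h = hashlib.sha256()
        for e in self.entries[start:end]:
            h.update(bytes.fromhex(e["tag"]))
        return h.hexdigest()


def demo_tamper_detection() -> Dict[str, object]:
    """Ingest the constructed lines with a fixed clock, then show that an
    edit and a deletion are both caught; returns the observations."""
    fixed = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    chain = LogChain()
    for line in SAMPLE_LINES:
        chain.ingest(line, fixed)
    out = {"intact": chain.verify(), "received": chain.entries[0]["received"],
           "root": chain.block_root(0, len(chain.entries))}
    chain.entries[1]["raw"] = chain.entries[1]["raw"].replace("DROP", "ACCEPT")
    out["after_edit"] = chain.verify()
    chain = LogChain()
    for line in SAMPLE_LINES:
        chain.ingest(line, fixed)
    del chain.entries[1]  # surviving entries re-indexed, but seq/prev no longer match
    out["after_delete"] = chain.verify()
    return out


if __name__ == "__main__":
    print(demo_tamper_detection())
```

The per-entry HMAC is cheap enough to compute at ingest rate; the block root is what you would sign with a stronger (asymmetric, timestamped) scheme or escrow externally, since anyone holding the HMAC key can forge individual tags.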

  Complete data

redborder makes extensive use of an OLAP database to store the data it displays. That database, however, holds only the key fields, aggregated over time. Unlike the other components, logs are therefore stored twice: a reduced version in the OLAP database and the original, unmodified version in a distributed file system.
