Reporting, Auditing and SEIM

A critical and often mandatory requirement today is the ability to access log data both in real time and historically. This data can cover numerous event types, depending on the system performing the logging: authentication data, network flows, network access reporting, security event alerts, and application usage. At a minimum, this data should be logged to a location or device capable of natively receiving it and storing it in its raw message format. Additionally, a properly deployed SEIM should be used regularly for both proactive monitoring and historical post-mortem forensics. Ideally, this device should also be capable of performing several advanced actions on the received data set, such as:

  • Message parsing into a database capable of high speed indexing, querying and reporting
  • Message/Event correlation such that a security analyst can view pre-compiled data based upon various rule-sets
  • Alert triggers based upon an internal rule-engine and various thresholds
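
The three capabilities listed above, shown end to end as an added example (not part of the original page and not any product's code): raw messages are kept, parsed into fields, correlated by source address, and checked against a threshold rule. The log lines, field names, the 3-failures-in-5-minutes threshold and the alert names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog lines (documentation IP ranges, not real data).
RAW_LOGS = [
    "Mar  3 10:00:01 gw1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2",
    "Mar  3 10:00:05 gw1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2",
    "Mar  3 10:00:09 gw1 sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2",
    "Mar  3 10:00:30 gw1 sshd[815]: Accepted password for alice from 198.51.100.20 port 51000 ssh2",
    "Mar  3 10:01:12 gw1 sshd[820]: Accepted password for root from 203.0.113.7 port 40120 ssh2",
    "Mar  3 10:02:00 gw1 CRON[900]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Message parsing: extract the fields a SIEM would index from an sshd auth line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def parse(raw, year=2024):
    """Return a structured event that still carries the raw message, or None."""
    m = LINE_RE.match(raw)
    if not m:
        return None  # unparsed lines stay available in raw storage only
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {**m.groupdict(), "ts": ts, "raw": raw}

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert on `threshold` failures per source in `window`; escalate on a later success."""
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        fails = recent[ev["src"]]
        while fails and ev["ts"] - fails[0] > window:
            fails.popleft()
        if ev["result"] == "Failed":
            fails.append(ev["ts"])
            if len(fails) == threshold:  # fire once when the threshold is crossed
                alerts.append(("brute_force_suspected", ev["src"], ev["ts"]))
        elif len(fails) >= threshold:    # success right after a failure burst
            alerts.append(("login_after_failures", ev["src"], ev["ts"]))
            fails.clear()
    return alerts

def run(raw_lines):
    events = [e for e in map(parse, raw_lines) if e]
    return events, correlate(events)
```

Keeping the `raw` field next to the parsed fields preserves the original message for post-mortem forensics when a parser later turns out to have been wrong or incomplete.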

 

More Information:

For more information on SEIM Products, Solutions and Priveon Implementation Services, please contact us.