www.anetusa.net
SureLog International Edition // 2016
The Easiest Solution for Next-Generation SIEM
Contents
1. SURELOG: INTEGRATED SIEM AND LOG MANAGEMENT (P-3)
2. All-in-One IT Security Monitoring (P-4)
   SIEM (P-4)
      Correlation Engine (P-5)
      Advantages of SureLog Correlation Engine (P-5)
      Simple Correlation Rules (P-6)
      Advanced Correlation Rules (P-7)
      Taxonomy (P-8)
   LOG MANAGEMENT (P-9)
      Comprehensive Log Data Collection and Log Management (P-9)
      Cross-platform Log Collection (P-10)
      Windows Event Logs: Agent-less or Agent-based (P-10)
      Syslog (P-10)
      Flat File Logs (P-10)
      Tagging (P-11)
      Scalable Log Centralization (P-11)
      Log Archiving and Retrieval (P-11)
      Activity Auditing (P-11)
3. SURELOG ADVANTAGES (P-11)
   What problems does it solve? (P-12)
   What features does it offer? (P-12)
Chapter 1
SURELOG: INTEGRATED NEXT-GENERATION SIEM AND LOG MANAGEMENT

1. SureLog: Integrated Next-Generation SIEM and Log Management
[Diagram: Security Information and Event Management; Advanced Correlation Engine; Security Operations Center; Log Management; Log Forensics; Threat Intelligence; Security Reporting; Real-Time Alerts; Event Correlation & Analysis; Compliance Management; Rich Taxonomy; Protecting Against Insider Attacks]
ANET SureLog delivers next-generation SIEM, log management and intelligent security search in a simple, easy-to-install and cost-effective solution that provides immediate value for security and compliance to organizations of any size.
SureLog has a highly flexible architecture and support for high-volume data throughput rates. In addition to the flexible architecture, SureLog possesses a superior correlation engine. The system lets you define the complex combinations of events that you need to be alerted on by creating and customizing correlation rules with a graphical, drag-and-drop rule creator.
SureLog supports 155 brands and 350 devices and categorizes logs into 1513 groups.
Sophisticated threat intelligence management allows SureLog to dynamically collect blacklists and update its database.
• Multi-functional security management platform
• Integrated security and log management platform
• Real-time security management across thousands of devices, including applications as diverse as satellite, cryptography and security devices
• Granular control over any type of event definition, with the ability to collect, normalize and integrate data from any device, application or service
Chapter 2
ALL-IN-ONE IT SECURITY MONITORING

2. All-in-One IT Security Management
A superior SIEM and log management platform that seamlessly combines SIEM and log management with host and network forensics in a unified security intelligence platform.
SIEM
SureLog is web-based, agent-less SIEM, log analysis and reporting software. The application monitors, collects, analyzes and archives logs and monitoring parameters from enterprise-wide network perimeter security devices, routers, switches, SNMP devices, VMs, DHCP servers and Linux or Windows systems, and then generates reports. Supported sources include firewalls, proxy servers, Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS) and Virtual Private Networks (VPN); mail servers such as MS Exchange, Zimbra and Postfix; distributed Windows hosts and distributed Unix hosts; routers, switches and other syslog devices; and applications such as IIS web server, IIS FTP server, MS SQL Server, Oracle database server and DHCP servers on Windows and Linux. The SureLog application generates graphs and reports that help in analyzing system problems with minimal impact on network performance. Two prominent features of the application are correlation and security reports.
Correlation Engine
The Correlation Engine leverages predefined rules to identify attack patterns and malicious behavior. When trying to penetrate a system, attackers often take advantage of the fact that security controls rarely work together and are rarely monitored. The Correlation Engine helps to automate that analysis so that attacks can be quickly identified and breaches quickly contained.
Advantages of SureLog Correlation Engine
Below are some advantages of SureLog:
• SureLog is fast: it supports 50,000 EPS with thousands of rules
• SureLog can trace multiple logs of different types within a defined time frame. A sample rule to support this advantage is: detect an unusual condition where a source has authentication failures at a host that are not followed by successful authentication at the same host within 2 hours
• SureLog can correlate different logs (example: a Windows user creation event and a Telnet event) according to related fields. A sample rule to support this advantage is: look for a new account being created followed by immediate authentication activity from that same account. It would detect backdoor account creation followed by the account being used to telnet back into the system
• SureLog can check whether or not a log is created with the desired parameters. A sample rule to support this advantage is: detect an unusual condition where a source has authentication failures at a host that are not followed by a successful authentication at the same host within 2 hours.
• SureLog can audit privileged user activity such as new account creation for greater operational transparency
• SureLog can correlate privileged user behavior with specific network activity. A sample rule to support this advantage is: look for a new account being created followed by immediate authentication activity from that same account. It would detect backdoor account creation followed by the account being used to telnet back into the system
• SureLog’s correlation rule editor is simple to use
• SureLog supports multiple filtering options
• SureLog supports compression-based correlation: SureLog can monitor multiple occurrences of the same event, remove redundancies and report them as a single event
• SureLog supports threshold-based correlation: SureLog has a threshold that triggers a report when a specified number of similar events occur
• SureLog supports filter-based correlation: SureLog inspects each event to determine whether it matches a pattern defined by a regular expression. If a match is found, an action may be triggered as specified in the rule.
• SureLog supports sequence-based correlation: SureLog helps establish causality of events. Events can be correlated based on specific sequential relationships, for example “Event A” being followed by “Event B” to trigger an action.
• Its time-based correlation is useful for correlating events that have specific time-based relationships. Some problems can be determined only through temporal correlation; for example, time-based correlation can be used to implement cleanup rules given a specific interval
• SureLog supports rule suspending: preventing a rule from firing for a defined time period
Simple Correlation Rules

User Authentication
• Alert on 5 or more failed logins in 1 minute on a single user ID

Attacks on the Network
• Alert on 15 or more Firewall Drop/Reject/Deny events from a single IP address in one minute
• Alert on 3 or more IPS alerts from a single IP address in five minutes

Virus Detection/Removal
• Alert when a single host sees an identifiable piece of malware
• Alert when a single host fails to clean malware within 1 hour of detection
• Alert when a single host connects to 50 or more unique targets in 1 minute
• Alert when 5 or more hosts on the same subnet trigger the same malware signature (AV or IPS) within a 1 hour interval

Web Server
• Files with executable extensions (cgi, asp, aspx, jar, php, exe, com, cmd, sh, bat) are posted to a web server from an external source
• Black-listed applications
• Alert when an unauthorized application (e.g. TeamViewer, LogMeIn, Nmap, Nessus, etc.) is run on any host

Monitored Log Sources
• Alert when a monitored log source has not sent an event in 1 hour

User Activity Reports
• All active user accounts (any successful login grouped by account name in the past XX days)
• Active user list by authentication type
  a) VPN users
  b) Active Directory users
  c) Infrastructure device access (firewalls, routers, switches, IPS)
• User creation, deletion and modification (a list of all user accounts created, deleted or modified)
• Access by any default account (Guest, Root, Administrator or other default account usage)
• Password resets by admin accounts in the past 7 days

Access Reports
• Access to any protected/monitored device by an untrusted network
  a) VPN access to server zone
  b) Access by a foreign network to server zone
Malware
• A list of host addresses for any identified malware name
• A count of any given malware (grouped by Anti-Virus signature) over the past XX days
Email Activity
• Top 10 e-mail subjects
• Top 10 addresses sending e-mail
• Top 10 addresses receiving e-mail
• Top 10 addresses sending e-mail with the largest total size (MB)
• Top 10 addresses receiving e-mail with the largest total size (MB)

Web Content
• Top 10 destinations by domain name
• Top 10 blocked destinations by domain name
• Top 10 blocked sources by IP address
• Top 10 blocked categories
• Total sent and received bytes grouped by IP address

User Account Activity
• Top 10 failed logins
Advanced Correlation Rules
• Attack followed by account change
• Scan followed by an attack
• Detect an unusual condition where a source has authentication failures at a host that are not followed by a successful authentication at the same host within 2 hours
• Look for a new account being created followed by immediate authentication activity from that same account; this would detect backdoor account creation followed by the account being used to telnet back into the system
• Monitor the same source having excessive logon failures at distinct hosts
• Check whether the source of an attack was previously the destination of an attack (within 15 minutes)
• Check whether there are 5 events from host firewalls with severity 4 or greater in 10 minutes between the same source and destination IP
• Look for a new account being created, followed shortly by access/authentication failure activity from the same account
• Monitor system access outside of business hours
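The threshold, sequence and time-based rule types described under the correlation engine advantages, together with three of the rules quoted in the Simple and Advanced Correlation Rules lists (5 failed logins in 1 minute per user, new account followed by a logon from that account, and failures at a host with no success within 2 hours), worked through as an added Python example. This is illustration code, not SureLog’s engine; the Event fields, the category strings and the 600-second window used for “immediate” are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class Event:
    ts: int            # seconds since epoch (constructed sample times below)
    category: str      # normalized taxonomy category, e.g. "Authentication->Failure"
    user: str = ""
    host: str = ""


@dataclass
class Correlator:
    # Threshold rule: 5 or more failed logins in 1 minute on a single user ID
    fail_threshold: int = 5
    fail_window: int = 60
    # Sequence rule: account creation followed by a logon from that account;
    # the page says "immediate", the 600 s window is an assumption
    seq_window: int = 600
    # Absence (time-based) rule: failures at a host not followed by a success
    # at the same host within 2 hours
    absence_window: int = 7200
    _fails_by_user: dict = field(default_factory=lambda: defaultdict(deque))
    _created: dict = field(default_factory=dict)             # user -> creation ts
    _first_fail_by_host: dict = field(default_factory=dict)  # host -> first unresolved failure ts
    _alerts: list = field(default_factory=list)

    def feed(self, ev):
        """Apply the stateful rules to one normalized event; returns the alerts so far."""
        if ev.category == "Authentication->Failure":
            self._threshold_rule(ev)
            self._first_fail_by_host.setdefault(ev.host, ev.ts)
        elif ev.category == "Authentication->Success":
            self._sequence_rule(ev)
            # a success at this host resolves the pending absence condition
            self._first_fail_by_host.pop(ev.host, None)
        elif ev.category == "Account->Created":
            self._created[ev.user] = ev.ts
        return self._alerts

    def _threshold_rule(self, ev):
        q = self._fails_by_user[ev.user]
        q.append(ev.ts)
        while q and ev.ts - q[0] >= self.fail_window:   # slide the 1-minute window
            q.popleft()
        if len(q) >= self.fail_threshold:
            self._alert("threshold:failed_logins", ev.user, ev.ts)
            q.clear()   # compression: one alert per burst, not one per extra failure

    def _sequence_rule(self, ev):
        created = self._created.get(ev.user)
        if created is not None and 0 <= ev.ts - created <= self.seq_window:
            self._alert("sequence:new_account_then_logon", ev.user, ev.ts)
            del self._created[ev.user]

    def close(self, now):
        """Evaluate the absence rule at time `now`, e.g. from a periodic scheduler tick."""
        for host, first_ts in list(self._first_fail_by_host.items()):
            if now - first_ts >= self.absence_window:
                self._alert("absence:failures_without_success", host, first_ts)
                del self._first_fail_by_host[host]
        return self._alerts

    def _alert(self, rule, key, ts):
        self._alerts.append((rule, key, ts))


def run_sample():
    """Constructed event stream (not real data); T0 is an arbitrary epoch offset."""
    T0 = 1_000_000
    stream = [Event(T0 + i * 10, "Authentication->Failure", "alice", "srv1") for i in range(5)]
    stream += [
        Event(T0 + 100, "Account->Created", "svc_backup", "srv2"),
        Event(T0 + 160, "Authentication->Success", "svc_backup", "srv2"),
        Event(T0 + 200, "Authentication->Failure", "bob", "srv3"),
        Event(T0 + 300, "Authentication->Success", "bob", "srv3"),  # resolves srv3
    ]
    c = Correlator()
    for ev in sorted(stream, key=lambda e: e.ts):
        c.feed(ev)
    # three hours later the scheduler tick fires the absence rule for srv1 only
    return c.close(T0 + 3 * 3600)


if __name__ == "__main__":
    for rule, key, ts in run_sample():
        print(f"{rule:36s} key={key} ts={ts}")
```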
Taxonomy
This is a mapping of information from heterogeneous sources to a common classification. A taxonomy aids in pattern recognition and also improves the scope and stability of correlation rules. When events from heterogeneous sources are normalized they can be analyzed by a smaller number of correlation rules, which reduces deployment and support labor. In addition, normalized events are easier to work with when developing reports and dashboards.
SureLog supports 155 brands and 350 devices and categorizes (taxonomy) logs into 1513 groups, such as:
• Compromised->RemoteControlApp->Response
• HealthStatus->Informational->HighAvailability->LinkStatus->Down
• IPTrafficAudit->IP Too many fragments
• IPSpoofAccess->ICMP CODE Redirect for the Host
• FileTransferTrafficAudit->Authentication Failed
• NamingTrafficAudit
• Session->Start
• ICMP Destination Network is Administratively Prohibited
LOG MANAGEMENT
SureLog’s log management feature collects log data from across an enterprise regardless of source, presents the logs in a uniform and consistent manner, and manages the state, location and efficient access of those logs, which is an essential element of any comprehensive log management and log analysis solution. The SureLog solution was designed to address core log management needs, including:
• The ability to collect any type of log data regardless of source
• The ability to collect log data with or without installing an agent on the log source device, system or application
• The ability to “normalize” any type of log data for more effective reporting and analysis
• The ability to “scale down” for small deployments and “scale up” for extremely large environments
• An open architecture allowing direct and secure access to log data via third-party analysis and reporting tools
• A role-based security model providing user accountability and access control
• Automated archiving for secure long-term retention
• Wizard-based retrieval of any archived logs in seconds
Comprehensive Log Data Collection and Log Management
Cross-platform Log Collection
Today’s IT operations require many technologies: routers, firewalls, switches, file servers and applications, to name a few. SureLog has been designed to collect from them all through intelligent use of agent-less and agent-based techniques.
Windows Event Logs: Agent-less or Agent-based
SureLog can collect all types of Windows Event Logs with or without the use of an agent. Many Windows-based applications write their logs to the Application Event Log or a custom Event Log. Examples of supported log sources that can be collected by SureLog in real time include:
• Windows System Event Log
• Windows Security Event Log
• Windows Application Event Log
• Microsoft Exchange Server application logs
• Microsoft SQL Server application logs
• Windows-based ERP and CRM system application logs
Syslog
Many log sources, including most network devices (e.g. routers, switches, firewalls), transmit logs via syslog. SureLog includes an integrated syslog server for receiving and processing these messages. Simply point any syslog-generating device to SureLog and it will automatically begin collecting and processing those logs.
Flat File Logs
SureLog can collect logs written to any ASCII-based text file. Whether it is a commercial system or a homegrown application, SureLog can collect and manage its logs. Examples of supported log sources using this method include:
• Web server logs (e.g. Apache, IIS)
• Linux system logs
• Windows Forefront TMG / UAG and ISA Server logs
• DNS and DHCP server logs
• Host-based intrusion detection/prevention systems
• Homegrown application logs
• MS Exchange message tracking logs
Since so much sensitive information resides in databases, it is important to monitor and track access and activity surrounding important databases. The actual and reputational cost of a theft of customer records can be very large. SureLog can help. SureLog collects, analyzes, alerts and reports on logs from Oracle and Microsoft SQL Server. It also captures data from custom audit logs and applications that run on the database. This capability enables customers to use SureLog for real-time database monitoring to guard against insider and outsider threats.
Tagging
SureLog adds a very powerful event tagging system, which allows individual users as well as teams to tag events with an unlimited number of keywords that may define the various characteristics of an event (intrusion, financial, departmental and topological). System users can create their own set of custom tags. Tags can be added to events individually as needed or through the automated action system as events are imported and normalized. Searching and reporting by tags is supported, and tag statistics displays are included as well.
Scalable Log Centralization
SureLog is architected to scale easily and incrementally as your needs grow. Whether you need to collect 10 million or more than 1 billion logs per day, SureLog can handle it. With SureLog you simply deploy the capacity you need when you need it, preserving your initial investment along the way. Deployments can start with a single, turnkey appliance and grow easily by adding incremental log manager appliances as needs expand. With SureLog’s “building blocks” distributed architecture, you can access and analyze logs throughout your deployment with ease.
Log Archiving and Retrieval
Many businesses have compliance requirements to preserve historic log data and be able to provide it in its original form for legal or investigative purposes. Collecting, maintaining and recovering historic log data can be expensive and difficult. Imagine trying to recover logs from a specific server from two years ago. Were the logs archived or saved anywhere? If so, where have the logs been stored? What format are they in? Can the correct archived log files be identified among the tens of thousands (or millions) of other archive files in a reasonable period of time? With SureLog, the answers to these questions are easy.
Activity Auditing
For compliance verification, users’ and administrators’ actions within SureLog are logged. SureLog user activity reports provide powerful proof that SureLog is actively used to analyze log data for compliance purposes and not for illegal aims.
Chapter 3
SURELOG ADVANTAGES

3. SureLog Advantages
• Decision speed: integrated analysis technology processes highly complex decision logic in real time, similar to how humans reason.
• Continuous learning: SureLog continuously learns the behavior of your environment by cross-correlating log information, device availability and performance statistics.
• Real-time alerting and historical forensics: many ready-to-use rules detect anomalous behavior and events. Comprehensive search and reporting capabilities simplify compliance reporting.
Customers who have used SURELOG have experienced:
• Improved productivity.
• Higher business operations uptime.
• Lower IT costs.
• Improved business performance.
• Ability to meet Service Level Agreements.
• Better visibility of required response times, by correlating customer service level commitments.
• Monitoring of applications.
• Monitoring of ecosystem business services, not just devices.
What problems does it solve?
SureLog helps network security administrators and IT managers monitor security events efficiently and alert on them in real time. The SureLog software also generates reports to comply with various regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX) and Payment Card Industry Data Security Standard (PCI), and archives logs for the purpose of network auditing and forensic analysis.
What features does it offer?
Multiple device/vendor support, flexible log archiving, capability to view traffic trends and usage patterns, multi-level drill-down into top hosts, protocols, web sites and more, VPN/Squid proxy reports, multi-varied reporting capabilities, centralized event log management, compliance reporting, automatic alerting, historical trending, security analysis, host grouping, pre-built event reports, customizable report profiles, report scheduling and multiple report formats. Compliant with Turkish Law 5651, which guarantees that logs cannot be changed and are digitally signed.
About ANET Software
ANET is a privately held software company incorporated in VA, USA, with branches in Turkey and New Zealand. Our mission is to build a software company that embraces an “open development philosophy” and provides innovative solutions to customer problems in collaboration with customers.
We are a SIEM pioneer with over 250 clients throughout Europe experiencing the ANET difference.
The Most Important Priority is Your Satisfaction
Contact Us
Headquarters:
Anet, Inc; PMB# 62 11350 Random Hills Rd
Suite 800 Fairfax, VA 22030
+1 (703) 346-1222
Offices:
74 / 2 Asquith Ave Mt Albert Auckland, New
Zealand
+64021 975 369
Istanbul Technology Development Zone
Sanayi Mah. Teknopark Blvd. No: 1 Pendik
34906, Istanbul, Turkey
+902163540581
E-5 Karayolu Ankara Asfaltaltı, Soğanlık
Sapağı Kartal / Istanbul 34912, Istanbul,
Turkey
+902163540580
info@anetusa.net
www.anetusa.net

Log yonetmi ve siem ürünlerinde veri analizi, sonuclarin tutarliligi ve dogru...Log yonetmi ve siem ürünlerinde veri analizi, sonuclarin tutarliligi ve dogru...
Log yonetmi ve siem ürünlerinde veri analizi, sonuclarin tutarliligi ve dogru...
 
SureLog SIEM Jobs
SureLog SIEM JobsSureLog SIEM Jobs
SureLog SIEM Jobs
 
Anet SureLog SIEM IntelligentResponse
Anet SureLog SIEM IntelligentResponse Anet SureLog SIEM IntelligentResponse
Anet SureLog SIEM IntelligentResponse
 
ANET SURELOG INTERNATIONAL EDITION SIEM ÜRÜNÜNÜN KORELASYON İLE İLGİLİ ÜSTÜNL...
ANET SURELOG INTERNATIONAL EDITION SIEM ÜRÜNÜNÜN KORELASYON İLE İLGİLİ ÜSTÜNL...ANET SURELOG INTERNATIONAL EDITION SIEM ÜRÜNÜNÜN KORELASYON İLE İLGİLİ ÜSTÜNL...
ANET SURELOG INTERNATIONAL EDITION SIEM ÜRÜNÜNÜN KORELASYON İLE İLGİLİ ÜSTÜNL...
 
Log Yönetiminde Gerçek Veriler ve Tutarlı Analiz
Log Yönetiminde Gerçek Veriler ve Tutarlı AnalizLog Yönetiminde Gerçek Veriler ve Tutarlı Analiz
Log Yönetiminde Gerçek Veriler ve Tutarlı Analiz
 
Machine learning scientist
Machine learning scientistMachine learning scientist
Machine learning scientist
 
ANET SureLog SIEM avantajları
ANET SureLog SIEM avantajlarıANET SureLog SIEM avantajları
ANET SureLog SIEM avantajları
 
The correlation advantages of ANET SURELOG International Edition SIEM product
The correlation advantages of ANET SURELOG International Edition SIEM product The correlation advantages of ANET SURELOG International Edition SIEM product
The correlation advantages of ANET SURELOG International Edition SIEM product
 
SureLog SIEM Compliancy Korelasyon Log Yonetimi Tehdit istihbarati Threat Int...
SureLog SIEM Compliancy Korelasyon Log Yonetimi Tehdit istihbarati Threat Int...SureLog SIEM Compliancy Korelasyon Log Yonetimi Tehdit istihbarati Threat Int...
SureLog SIEM Compliancy Korelasyon Log Yonetimi Tehdit istihbarati Threat Int...
 
Log siem korelasyon
Log siem korelasyonLog siem korelasyon
Log siem korelasyon
 
5651 sayili kanun
5651 sayili kanun5651 sayili kanun
5651 sayili kanun
 
Güvenlik, uyumluluk ve veritabani loglama
Güvenlik, uyumluluk  ve veritabani loglamaGüvenlik, uyumluluk  ve veritabani loglama
Güvenlik, uyumluluk ve veritabani loglama
 
Hep İşin Geyiğini Yapıyoruz: AR-GE, İnovasyon, Endüstri 4.0, Ahlak, Eğitim, P...
Hep İşin Geyiğini Yapıyoruz: AR-GE, İnovasyon, Endüstri 4.0, Ahlak, Eğitim, P...Hep İşin Geyiğini Yapıyoruz: AR-GE, İnovasyon, Endüstri 4.0, Ahlak, Eğitim, P...
Hep İşin Geyiğini Yapıyoruz: AR-GE, İnovasyon, Endüstri 4.0, Ahlak, Eğitim, P...
 
SIEM ÜRÜNLERİ GÖRÜNÜŞTE BİRBİRİNE BENZİYOR HATTA LOG YÖNETİMİ ÇÖZÜMÜ OLUP DA ...
SIEM ÜRÜNLERİ GÖRÜNÜŞTE BİRBİRİNE BENZİYOR HATTA LOG YÖNETİMİ ÇÖZÜMÜ OLUP DA ...SIEM ÜRÜNLERİ GÖRÜNÜŞTE BİRBİRİNE BENZİYOR HATTA LOG YÖNETİMİ ÇÖZÜMÜ OLUP DA ...
SIEM ÜRÜNLERİ GÖRÜNÜŞTE BİRBİRİNE BENZİYOR HATTA LOG YÖNETİMİ ÇÖZÜMÜ OLUP DA ...
 
Log yonetimi korelasyon ve SIEM
Log yonetimi korelasyon ve SIEMLog yonetimi korelasyon ve SIEM
Log yonetimi korelasyon ve SIEM
 
SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?
SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?
SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?
 
MonkeySpider at Sicherheit 2008
MonkeySpider at Sicherheit 2008MonkeySpider at Sicherheit 2008
MonkeySpider at Sicherheit 2008
 

Similar to SureLog SIEM

Crypto sim_cryptolog_cryptospot_v3
Crypto sim_cryptolog_cryptospot_v3Crypto sim_cryptolog_cryptospot_v3
Crypto sim_cryptolog_cryptospot_v3Mustafa Kuğu
 
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Deepak Mishra
 
Open service risk correlation
Open service risk correlationOpen service risk correlation
Open service risk correlationfrantzyv
 
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...Deepak Mishra
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Sumo Logic
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system securityGary Mendonca
 
Use Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyUse Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyJonathanPritchard12
 
Part 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docxPart 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docxdanhaley45372
 
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...NoNameCon
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxkarlhennesey
 
First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]Phil Huggins FBCS CITP
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself Alert Logic
 
Logging "BrainBox" Short Article
Logging "BrainBox" Short ArticleLogging "BrainBox" Short Article
Logging "BrainBox" Short ArticleAnton Chuvakin
 
Siem tools-monitor-your-network
Siem tools-monitor-your-networkSiem tools-monitor-your-network
Siem tools-monitor-your-networkhardik soni
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara
 

Similar to SureLog SIEM (20)

Crypto sim_cryptolog_cryptospot_v3
Crypto sim_cryptolog_cryptospot_v3Crypto sim_cryptolog_cryptospot_v3
Crypto sim_cryptolog_cryptospot_v3
 
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
 
Open service risk correlation
Open service risk correlationOpen service risk correlation
Open service risk correlation
 
Leveraging Log Management to provide business value
Leveraging Log Management to provide business valueLeveraging Log Management to provide business value
Leveraging Log Management to provide business value
 
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
Use Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyUse Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiency
 
Part 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docxPart 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docx
 
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
 
First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]
 
PKI.pptx
PKI.pptxPKI.pptx
PKI.pptx
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
 
security onion
security onionsecurity onion
security onion
 
Logging "BrainBox" Short Article
Logging "BrainBox" Short ArticleLogging "BrainBox" Short Article
Logging "BrainBox" Short Article
 
Siem tools-monitor-your-network
Siem tools-monitor-your-networkSiem tools-monitor-your-network
Siem tools-monitor-your-network
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
 
soctool.pdf
soctool.pdfsoctool.pdf
soctool.pdf
 

More from Ertugrul Akbas

BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve  ISO27001 Denetiml...BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve  ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...Ertugrul Akbas
 
Olay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının ÖnemiOlay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının ÖnemiErtugrul Akbas
 
SOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde KorelasyonSOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde KorelasyonErtugrul Akbas
 
SIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda AlmakSIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda AlmakErtugrul Akbas
 
SureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve FiyatıSureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve FiyatıErtugrul Akbas
 
SureLog SIEM Fast Edition
SureLog SIEM Fast EditionSureLog SIEM Fast Edition
SureLog SIEM Fast EditionErtugrul Akbas
 
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).Ertugrul Akbas
 
Detecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEMDetecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEMErtugrul Akbas
 
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin  ANET SureLog SIEM  ile uygulanması SIEM ve KVKK Teknik Tedbirlerinin  ANET SureLog SIEM  ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması Ertugrul Akbas
 
KVKK Siperium Data Analyzer & Data Discovery
KVKK Siperium Data Analyzer & Data DiscoveryKVKK Siperium Data Analyzer & Data Discovery
KVKK Siperium Data Analyzer & Data DiscoveryErtugrul Akbas
 

More from Ertugrul Akbas (20)

BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve  ISO27001 Denetiml...BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve  ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
 
Olay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının ÖnemiOlay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
 
SOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde KorelasyonSOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde Korelasyon
 
SIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda AlmakSIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda Almak
 
SureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve FiyatıSureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve Fiyatı
 
Neden SureLog?
Neden SureLog?Neden SureLog?
Neden SureLog?
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM Fast Edition
SureLog SIEM Fast EditionSureLog SIEM Fast Edition
SureLog SIEM Fast Edition
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
 
Detecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEMDetecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
KVKK
KVKKKVKK
KVKK
 
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin  ANET SureLog SIEM  ile uygulanması SIEM ve KVKK Teknik Tedbirlerinin  ANET SureLog SIEM  ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
 
KVKK Siperium Data Analyzer & Data Discovery
KVKK Siperium Data Analyzer & Data DiscoveryKVKK Siperium Data Analyzer & Data Discovery
KVKK Siperium Data Analyzer & Data Discovery
 
SIEM
SIEMSIEM
SIEM
 

Recently uploaded

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

SureLog SIEM

page 4

1. SureLog: Integrated Next-Generation SIEM and Log Management

Security Information and Event Management, Advanced Correlation Engine, Security Operations Center, Log Management, Log Forensics, Threat Intelligence, Security Reporting, Real-Time Alerts, Event Correlation & Analysis, Compliance Management, Rich Taxonomy, Protecting Against Insider Attacks

ANET SureLog delivers next-generation SIEM, log management and intelligent security search in a simple, easy-to-install and cost-effective solution that provides immediate value for security and compliance to organizations of any size.

SureLog has a highly flexible architecture and support for high-volume data throughput rates. Alongside the flexible architecture, SureLog possesses a superior correlation engine. The system lets you define complex combinations of events that you need to be alerted on by easily creating and customizing correlation rules with a graphical, drag-and-drop rule creator.

SureLog supports 155 brands and 350 devices and categorizes logs into 1513 groups. The sophisticated threat intelligence management allows SureLog to dynamically collect blacklists and update its database.

• Multi-Functional Security Management Platform
• Integrated Security and Log Management Platform
• Real-time security management across thousands of devices, including applications as diverse as satellite, cryptography and security devices.
• Granular control over any type of event definition, with the ability to collect, normalize and integrate data from any device, application or service.
page 6

2. All-In-One IT Security Management

ANET: a superior SIEM and log management platform that seamlessly combines SIEM and log management with host and network forensics in a unified security intelligence platform.

SIEM

SureLog is a web-based, agent-less SIEM, log analysis and reporting software. The application monitors, collects, analyzes and archives logs and monitoring parameters from enterprise-wide network perimeter security devices, routers, switches, SNMP devices, VMs, DHCP servers, and Linux or Windows systems, then generates reports. The devices are firewalls, proxy servers, Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS) and Virtual Private Networks (VPN); mail servers such as MS Exchange, Zimbra and Postfix; distributed Windows hosts, distributed Unix hosts, routers, switches and other syslog devices; and applications such as the IIS web server, IIS FTP server, MS SQL Server, Oracle database server, and Windows and Linux DHCP servers. The SureLog application generates graphs and reports that help in analyzing system problems with minimal impact on network performance. Two prominent features of the application are correlation and security reports.

Correlation Engine

The Correlation Engine leverages predefined rules to identify attack patterns and malicious behavior. When trying to penetrate a system, attackers often take advantage of the fact that security controls are rarely working together and are rarely monitored. The Correlation Engine helps to automate that analysis so that attacks can be quickly identified and breaches can be quickly contained.

Advantages of SureLog Correlation Engine

Below are some advantages of SureLog:

• SureLog is fast: it supports 50,000 EPS with thousands of rules.
• SureLog can trace multiple logs of different types within a defined time frame. A sample rule to support this advantage is: detect an unusual condition where a source has authentication failures at a host that are not followed by a successful authentication at the same host within 2 hours.
• SureLog can correlate different logs (example: a Windows user creation event and a Telnet event) according to related fields. A sample rule to support this advantage is: look for a new account being created followed by immediate authentication activity from that same account. It would detect the backdoor account creation followed by the account being used to telnet back into the system.
• SureLog can check whether or not a log is created with the desired parameters. A sample rule to support this advantage is: detect an unusual condition where a source has authentication failures at a host that are not followed by a successful authentication at the same host within 2 hours.
• SureLog can audit privileged user activity such as new account creation for greater operational transparency.
• SureLog can correlate privileged user behavior with specific network activity. A sample rule to support this advantage is: look for a new account being created followed by immediate authentication activity from that same account. It would detect the backdoor account creation followed by the account being used to telnet back into the system.
• SureLog's correlation rule editor is simple to use.
• SureLog supports multiple filtering options.
• SureLog supports a compression-based correlation feature: SureLog can monitor multiple occurrences of the same event, remove redundancies, and report them as a single event.
• SureLog supports threshold-based correlation: SureLog has a threshold to trigger a report when a specified number of similar events occur.
• SureLog supports filter-based correlation: SureLog inspects each event to determine if it matches a pattern defined by a regular expression. If a match is found, an action may be triggered as specified in the rule.
• SureLog supports sequence-based correlation: SureLog helps establish causality of events. Events can be correlated based on specific sequential relationships, for example "Event A" being followed by "Event B" to trigger an action.
• Its time-based correlation is useful for correlating events that have specific time-based relationships. Some problems can be determined only through temporal correlation; for example, time-based correlation can be used to implement cleanup rules given a specific interval.
• SureLog supports rule suspending: preventing a rule from firing for a defined time period.

Simple Correlation Rules

User Authentication
• Alert on 5 or more failed logins in 1 minute on a single user ID.

Attacks on the Network
• Alert on 15 or more firewall Drop/Reject/Deny events from a single IP address in one minute.
• Alert on 3 or more IPS alerts from a single IP address in five minutes.

Virus Detection/Removal
• Alert when a single host sees an identifiable piece of malware.
• Alert when a single host fails to clean malware within 1 hour of detection.
• Alert when a single host connects to 50 or more unique targets in 1 minute.
• Alert when 5 or more hosts on the same subnet trigger the same malware signature (AV or IPS) within a 1 hour interval.

Web Server
• Files with executable extensions (cgi, asp, aspx, jar, php, exe, com, cmd, sh, bat) are posted to a web server from an external source.

Black-listed Applications
• Alert when an unauthorized application (e.g. TeamViewer, LogMeIn, Nmap, Nessus, etc.) is run on any host.

Monitored Log Sources
• Alert when a monitored log source has not sent an event in 1 hour.

User Activity Reports
• All active user accounts (any successful login, grouped by account name, in the past XX days).
• Active user list by authentication type:
  a) VPN users
  b) Active Directory users
  c) Infrastructure device access (firewalls, routers, switches, IPS)
• User creation, deletion and modification (a list of all user accounts created, deleted or modified).
• Access by any default account (Guest, Root, Administrator, or other default account usage).
• Password resets by admin accounts in the past 7 days.

Access Reports
• Access to any protected/monitored device from an untrusted network:
  a) VPN access to server zone
  b) Access by a foreign network to server zone

Malware
• A list of host addresses for any identified malware name.
• A count of any given malware (grouped by anti-virus signature) over the past XX days.

Email Activity
• Top 10 e-mail subjects
• Top 10 addresses sending email
• Top 10 addresses receiving email
• Top 10 addresses sending email with largest total size (MB)
• Top 10 addresses receiving email with largest total size (MB)

Web Content
• Top 10 destinations by domain name
• Top 10 blocked destinations by domain name
• Top 10 blocked sources by IP address
• Top 10 blocked categories
• Total sent and received bytes grouped by IP address

User Account Activity
• Top 10 failed logins

Advanced Correlation Rules
• Attack followed by account change.
• Scan followed by an attack.
• Detect an unusual condition where a source has authentication failures at a host that are not followed by a successful authentication at the same host within 2 hours.
• Look for a new account being created followed by immediate authentication activity from that same account; this would detect backdoor account creation followed by the account being used to telnet back into the system.
• Monitor the same source having excessive logon failures at distinct hosts.
• Check whether the source of an attack was previously the destination of an attack (within 15 minutes).
• Check whether there are 5 events from host firewalls with severity 4 or greater in 10 minutes between the same source and destination IP.
• Look for a new account being created, followed shortly by access/authentication failure activity from the same account.
• Monitor system access outside of business hours.

Taxonomy

This is a mapping of information from heterogeneous sources to a common classification. A taxonomy aids in pattern recognition and also improves the scope and stability of correlation rules. When events from heterogeneous sources are normalized they can be analyzed by a smaller number of correlation rules, which reduces deployment and support labor. In addition, normalized events are easier to work with when developing reports and dashboards.
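The threshold, sequence and "failure not followed by success" rule types described above, together with the taxonomy step that lets one rule cover several log sources, as an added Python example. This is not SureLog's code: the log line format, the taxonomy mapping, the events and the "current time" are all constructed for the example, and the rules are keyed by user name rather than by source and host to keep it short.

```python
# Added example, not SureLog's own code: a minimal engine for three brochure rule types.
from collections import defaultdict
from datetime import datetime, timedelta
# Taxonomy: vendor-specific codes mapped to one common category (constructed mapping).
TAXONOMY = {("winsec", "4625"): "Authentication->Failure",
            ("winsec", "4624"): "Authentication->Success",
            ("winsec", "4720"): "Account->Create",
            ("sshd", "failed"): "Authentication->Failure"}
# Constructed raw lines, format "<timestamp> <source> <code> <user> <host>".
RAW_LOGS = [f"2016-03-01T09:00:{10 * i:02d} winsec 4625 alice dc1" for i in range(5)] + [
    "2016-03-01T09:01:00 winsec 4624 alice dc1",   # alice eventually succeeds
    "2016-03-01T09:10:00 winsec 4720 bob srv1",    # account created ...
    "2016-03-01T09:10:30 winsec 4624 bob srv1",    # ... and used 30 s later
    "2016-03-01T08:00:00 sshd failed carol web1",  # never followed by success
]

def normalize(raw):
    """Parse one raw line into an event dict carrying its taxonomy category."""
    ts, source, code, user, host = raw.split()
    return {"ts": datetime.fromisoformat(ts), "cat": TAXONOMY[(source, code)],
            "user": user, "host": host}

def threshold_rule(events, cat, key, count, window):
    """Alert when `count` or more `cat` events share field `key` within `window`."""
    alerts, recent = [], defaultdict(list)
    for e in (e for e in events if e["cat"] == cat):   # events must be time-ordered
        q = recent[e[key]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:   # slide the window forward
            q.pop(0)
        if len(q) >= count:
            alerts.append(e[key])
            q.clear()                    # compress the burst into one alert
    return alerts

def sequence_rule(events, first, second, key, window):
    """Alert when `first` is followed by `second` for the same `key` within `window`."""
    alerts, pending = [], {}
    for e in events:
        if e["cat"] == first:
            pending[e[key]] = e["ts"]
        elif e["cat"] == second and e[key] in pending:
            if e["ts"] - pending.pop(e[key]) <= window:
                alerts.append(e[key])
    return alerts

def absence_rule(events, first, expected, key, window, now):
    """Alert when `first` is NOT followed by `expected` (same `key`) within `window`."""
    alerts = []
    for i, e in enumerate(events):
        if e["cat"] != first or now < e["ts"] + window or e[key] in alerts:
            continue   # wrong category, window not yet expired at `now`, or already alerted
        if not any(f["cat"] == expected and f[key] == e[key]
                   and f["ts"] <= e["ts"] + window for f in events[i + 1:]):
            alerts.append(e[key])
    return alerts

EVENTS = sorted((normalize(r) for r in RAW_LOGS), key=lambda e: e["ts"])  # rules need time order
NOW = datetime(2016, 3, 1, 11, 0, 0)   # constructed "current time" for the absence rule
```

With the constructed events, the threshold rule fires for alice, the sequence rule for bob, and the absence rule only for carol, since alice's failures were answered by a success and bob's account never failed; run the absence rule with a `now` before 10:00 and carol's window has not yet expired, so nothing fires.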
SureLog supports 155 brands and 350 devices, and categorizes (taxonomy) logs into 1513 groups, such as:
• Compromised->RemoteControlApp->Response
• HealthStatus->Informational->HighAvailability->LinkStatus->Down
• IPTrafficAudit->IP Too many fragments
• IPSpoofAccess->ICMP CODE Redirect for the Host
• FileTransferTrafficAudit->Authentication Failed
• NamingTrafficAudit
• Session->Start
• ICMP Destination Network is Administratively Prohibited

LOG MANAGEMENT

SureLog's unique log management feature is being able to collect log data from across an enterprise regardless of its source, present the logs in a uniform and consistent manner, and manage the state, location and efficient access to those logs, which is an essential element of any comprehensive log management and log analysis solution. The SureLog solution was designed to address core log management needs, including:
• The ability to collect any type of log data regardless of source
• The ability to collect log data with or without installing an agent on the log source device, system or application
• The ability to "normalize" any type of log data for more effective reporting and analysis
• The ability to "scale down" for small deployments and "scale up" for extremely large environments
• An open architecture allowing direct and secure access to log data via third-party analysis and reporting tools
• A role-based security model providing user accountability and access control
• Automated archiving for secure long-term retention
• Wizard-based retrieval of any archived logs in seconds

Comprehensive Log Data Collection and Log Management

Being able to collect log data from across an enterprise regardless of its source, present the logs in a uniform and consistent manner, and manage the state, location and efficient access to those logs is an essential element of any comprehensive log management and log analysis solution. The SureLog solution was designed to address core log management needs, including:
• The ability to collect any type of log data regardless of source
• The ability to collect log data with or without installing an agent on the log source device, system or application
• The ability to "normalize" any type of log data for more effective reporting and analysis
• The ability to "scale down" for small deployments and "scale up" for extremely large environments
• An open architecture allowing direct and secure access to log data via third-party analysis and reporting tools
• A role-based security model providing user accountability and access control
• Automated archiving for secure long-term retention
• Wizard-based retrieval of any archived logs in seconds

Cross-platform Log Collection

Today's IT operations require many technologies: routers, firewalls, switches, file servers and applications, to name a few. SureLog has been designed to collect from them all through intelligent use of agent-less and agent-based techniques.

Windows Event Logs: Agent-less or Agent-based

SureLog can collect all types of Windows event logs with or without the use of an agent. Many Windows-based applications write their logs to the Application event log or a custom event log. Examples of supported log sources that can be collected by SureLog in real time include:
• Windows System event log
• Windows Security event log
• Windows Application event log
• Microsoft Exchange Server application logs
• Microsoft SQL Server application logs
• Windows-based ERP and CRM system application logs

Syslog

Many log sources, including most network devices (e.g. routers, switches, firewalls), transmit logs via syslog. SureLog includes an integrated syslog server for receiving and processing these messages. Simply point any syslog-generating device at SureLog and it will automatically begin collecting and processing those logs.

Flat File Logs

SureLog can collect logs written to any ASCII-based text file. Whether it is a commercial system or a homegrown application, SureLog can collect and manage them. Examples of supported log sources using this method include:
• Web server logs (e.g. Apache, IIS)
• Linux system logs
• Windows Forefront TMG / UAG and ISA Server logs
• DNS and DHCP server logs
• Host-based intrusion detection/prevention systems
• Homegrown application logs
• MS Exchange message tracking logs

Since so much sensitive information resides in databases, it is important to monitor and track access and activity surrounding important databases. The actual and reputational cost of a theft of customer records can be very large. SureLog can help: it collects, analyzes, alerts and reports on logs from Oracle and Microsoft SQL Server. It also captures data from custom audit logs and applications that run on the database. This capability enables customers to use SureLog for real-time database monitoring to guard against insider and outsider threats.

Tagging

SureLog adds a very powerful event tagging system, which allows individual users as well as teams to tag events with an unlimited number of keywords that define the various characteristics of an event (intrusion, financial, departmental and topological). System users can create their own set of custom tags. Tags can be added to events individually as needed, or through the automated action system as events are imported and normalized. Searching and reporting by tags is supported, and tag statistics displays are included as well.
Scalable Log Centralization

SureLog is architected to scale easily and incrementally as your needs grow. Whether you need to collect 10 million or more than 1 billion logs per day, SureLog can handle it. With SureLog you simply deploy the capacity you need when you need it, preserving your initial investment along the way. Deployments can start with a single, turnkey appliance and grow easily by adding incremental log manager appliances as needs expand. With SureLog's "building blocks" distributed architecture, you can access and analyze logs throughout your deployment with ease.

Log Archiving and Retrieval

Many businesses have compliance requirements to preserve historic log data and be able to provide it in its original form for legal or investigative purposes. Collecting, maintaining and recovering historic log data can be expensive and difficult. Imagine trying to recover logs from a specific server from two years ago. Were the logs archived or saved anywhere? If so, where have the logs been stored? What format are they in? Can the correct archived log files be identified among the tens of thousands (or millions) of other archive files in a reasonable period of time? With SureLog, the answers to these questions are easy.

Activity Auditing

For compliance verification, users' and administrators' actions within SureLog are logged. SureLog user activity reports provide powerful proof that SureLog is actively used to analyze log data for compliance purposes and not for illegal aims.
3. SureLog Advantages

• Decision speed: integrated analysis technology processes highly complex decision logic in real time, similar to how humans reason.
• Continuous learning: we continuously learn the behavior of your environment by cross-correlating log information, device availability and performance statistics.
• Real-time alerting and historical forensics: many ready-to-use rules detect anomalous behavior and events. Comprehensive search and reporting capabilities simplify compliance reporting.

Customers who have used SureLog have experienced:
• Improved productivity.
• Higher business operations uptime.
• Lower IT costs.
• Improved business performance.
• Ability to meet Service Level Agreements.
• Better visibility into required response times, by correlating customer service level commitments.
• Application monitoring.
• Monitoring of ecosystem business services, not just devices.

What problems does it solve?

SureLog helps network security administrators and IT managers monitor security events efficiently and alert in real time. The SureLog software also generates reports to comply with various regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), and Payment Card Industry Data Security Standard (PCI), and archives logs for the purpose of network auditing and forensic analysis.

What features does it offer?

Multiple device/vendor support, flexible log archiving, capability to view traffic trends and usage patterns, multi-level drill-down into top hosts, protocols, web sites and more, VPN/Squid proxy reports, multi-varied reporting capabilities, centralized event log management, compliance reporting, automatic alerting, historical trending, security analysis, host grouping, pre-built event reports, customizable report profiles, report scheduling, multiple report formats. Compliant with Turkish Law 5651, which guarantees that logs are digitally signed and cannot be changed.
About ANET Software

ANET is a privately held software company incorporated in VA, USA, with branches in Turkey and New Zealand. Our mission is to build a software company that embraces an "open development philosophy" and provides innovative solutions to customer problems in collaboration with customers. We are a SIEM pioneer with over 250 clients throughout Europe experiencing the ANET difference.
The Most Important Priority is Your Satisfaction

Contact Us

Headquarters: Anet, Inc; PMB# 62, 11350 Random Hills Rd, Suite 800, Fairfax, VA 22030, +1 (703) 346-1222

Offices:
74 / 2 Asquith Ave, Mt Albert, Auckland, New Zealand, +64021 975 369
Istanbul Technology Development Zone, Sanayi Mah. Teknopark Blvd. No: 1, Pendik 34906, Istanbul, Turkey, +902163540581
E-5 Karayolu Ankara Asfaltaltı, Soğanlık Sapağı, Kartal / Istanbul 34912, Istanbul, Turkey, +902163540580

info@anetusa.net
www.anetusa.net