LogSentinel SIEM DEMO: How To Use LogSentinel
LogSentinel #SIEM #DEMO
Sophisticated dashboards, that can be customised according to user preferences, are also available there.
On the threat map, you can see the IP’s locations of the actors who have triggered a #security threat for a certain period.
The statistical overview gives valuable insight into the top actions, actors, entities or data sources.
What’s more, you can search by user activity and familiarise yourself with a specific actor’s behaviour.
In the “Data Sources” module you can see the data sources most frequently connected to LogSentinel: Active Directory, firewall, CRM software, website, Microsoft 365, GCP, router and others. By clicking the update button you can see which details are available to quickly change and update.
The alerts module is another eye-catching module, giving a quick overview of all alert types that LogSentinel offers.
Alerts will help you or your clients set up different anomaly event triggers which will allow real-time notifications - either via email or via web or mobile application.
The first alert type, and the one most commonly used by organizations of every size, is based on correlation rules.
We have a rich library of rule templates that need zero or only very minor modification to get them up and running. We’ve covered the various scenarios that security officers and analysts would typically want to set up. This significantly reduces the time needed for technical setup, which accelerates time-to-value for you.
The second alert type is based on statistical rules. Such rules are also very commonly used by organizations and are offered by most SIEMs. As shown in the demo, they can be customized according to company preferences in order to monitor different kinds of aggregated data.
The #ML-based anomaly detection is what makes LogSentinel different from a typical SIEM. The anomaly detection can be configured per data source and allows companies to detect anomalies they haven’t thought of. You can also set up working hours for each listed application, specifying working and non-working days and hours, and even adding holidays.
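To make the two rule families above concrete, here is an added example (not LogSentinel code; the page does not describe its rule format, so the event layout, the working-hours profile and the thresholds are assumptions) that runs a statistical rule and a working-hours rule over a few constructed log events. The statistical rule counts failed logins per actor in a sliding window; the working-hours rule flags activity on a data source outside its configured days, hours or on a holiday, and leaves sources without a profile alone.

```python
from collections import defaultdict
from datetime import datetime, date, time, timedelta

# Constructed sample events (not real LogSentinel data):
# ISO timestamp, actor, action, data source. 2024-03-04 is a Monday.
SAMPLE_EVENTS = [
    ("2024-03-04T09:05:00", "alice", "LOGIN_FAILED", "ad"),
    ("2024-03-04T09:05:20", "alice", "LOGIN_FAILED", "ad"),
    ("2024-03-04T09:05:40", "alice", "LOGIN_FAILED", "ad"),
    ("2024-03-04T09:06:00", "alice", "LOGIN_FAILED", "ad"),
    ("2024-03-04T09:06:20", "alice", "LOGIN_FAILED", "ad"),
    ("2024-03-04T09:07:00", "alice", "LOGIN_FAILED", "ad"),
    ("2024-03-04T10:00:00", "bob", "LOGIN_OK", "crm"),
    ("2024-03-04T23:30:00", "bob", "EXPORT_REPORT", "crm"),  # after working hours
    ("2024-03-09T11:00:00", "carol", "LOGIN_OK", "crm"),     # Saturday
    ("2024-03-08T11:00:00", "dave", "LOGIN_OK", "crm"),      # configured holiday
    ("2024-03-08T11:00:00", "dave", "LOGIN_OK", "ad"),       # "ad" has no working-hours profile
]

# Hypothetical working-hours profile per data source (assumed layout, not LogSentinel's).
WORKING_HOURS = {
    "crm": {
        "days": {0, 1, 2, 3, 4},            # Monday..Friday, as datetime.weekday()
        "start": time(8, 0),
        "end": time(18, 0),
        "holidays": {date(2024, 3, 8)},
    }
}


def parse_events(rows):
    return [(datetime.fromisoformat(ts), actor, action, src) for ts, actor, action, src in rows]


def statistical_rule(events, action="LOGIN_FAILED", threshold=5, window=timedelta(minutes=5)):
    """Aggregated-count rule: alert when one actor produces at least `threshold`
    events of `action` inside a sliding time window. One alert per actor."""
    per_actor = defaultdict(list)
    for ts, actor, act, _src in events:
        if act == action:
            per_actor[actor].append(ts)
    alerts = []
    for actor, stamps in per_actor.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1                       # slide the window forward
            if end - start + 1 >= threshold:
                alerts.append({"rule": "statistical", "actor": actor,
                               "count": end - start + 1, "at": stamps[end]})
                break
    return alerts


def off_hours_rule(events, profiles=WORKING_HOURS):
    """Working-hours rule: alert on activity outside a source's configured
    days/hours or on a holiday. Sources without a profile are not evaluated."""
    alerts = []
    for ts, actor, action, src in events:
        prof = profiles.get(src)
        if prof is None:
            continue
        outside = (ts.date() in prof["holidays"]
                   or ts.weekday() not in prof["days"]
                   or not (prof["start"] <= ts.time() < prof["end"]))
        if outside:
            alerts.append({"rule": "off_hours", "actor": actor, "action": action,
                           "source": src, "at": ts})
    return alerts


def run_rules(rows=SAMPLE_EVENTS):
    events = parse_events(rows)
    return statistical_rule(events) + off_hours_rule(events)


if __name__ == "__main__":
    for alert in run_rules():
        print(alert)
```

On the constructed input this yields one statistical alert (alice, five failed logins within the window) and three off-hours alerts (bob after hours, carol on a Saturday, dave on the holiday); dave's Active Directory event on the same day is not flagged because that source has no profile, which is the behaviour you want when working hours are configured per application.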
The Alerts overview shows in real time which types of alerts have been triggered over a defined period. You can filter by rule name, data source, alert type, or tags. There are default, actor and host views, giving you better visibility options. You can triage a selected alert and review it in detail, understanding better what happened and whether it is worth escalating. Other alert types such as web monitoring and leaked credentials are not available on the demo account, but they deserve an honourable mention, as they help security officers gain an overview of everything in one place.
The user management module is also available on the demo account, showing what types of user roles and accesses are available there and what additional configurations can be made.
The threat feeds are also important, especially for clients who need to comply with standards such as STIX/TAXII.
The integrity module also gives a quick overview of what the hash verification would look like.
Having a full security audit log of all data changes means that the audited data itself is also protected. You can always trace data modifications in the log and verify whether a given change occurred legitimately or was altered inappropriately.
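The page mentions hash verification and cryptographic integrity guarantees without describing the scheme LogSentinel uses, so the following is an added illustration of the general idea (not the product's code): each audit entry stores the hash of the previous entry, so editing any stored record, or editing it and recomputing its own hash, breaks the chain at a verifiable position. The records, the serialisation and the use of SHA-256 are assumptions of this example.

```python
import hashlib
import json

GENESIS = "0" * 64  # hash of the (empty) chain before the first entry


def _canonical(record):
    # Deterministic serialisation so the same record always hashes the same way
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def append_entry(chain, record):
    """Append `record` to the chain, linking it to the previous entry's hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"prev": prev, "record": record}
    entry["hash"] = hashlib.sha256(prev.encode() + _canonical(record)).hexdigest()
    chain.append(entry)
    return entry


def verify_chain(chain):
    """Walk the chain from the genesis value; return (ok, index of first bad entry or None)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev:
            return False, i                      # link to the previous entry was broken
        expected = hashlib.sha256(prev.encode() + _canonical(entry["record"])).hexdigest()
        if entry["hash"] != expected:
            return False, i                      # the record itself was modified
        prev = entry["hash"]
    return True, None


def build_sample_chain():
    # Constructed audit records, not real LogSentinel data
    chain = []
    for rec in [
        {"ts": "2024-03-04T09:00:00", "actor": "alice", "action": "UPDATE",
         "entity": "customer/42", "field": "email"},
        {"ts": "2024-03-04T09:01:00", "actor": "bob", "action": "DELETE",
         "entity": "invoice/7"},
        {"ts": "2024-03-04T09:02:00", "actor": "alice", "action": "READ",
         "entity": "customer/42"},
    ]:
        append_entry(chain, rec)
    return chain


def tamper_demo():
    """Edit a stored record after the fact: verification pins the modified entry."""
    chain = build_sample_chain()
    chain[1]["record"]["actor"] = "mallory"      # rewrite who deleted the invoice
    return verify_chain(chain)


def tamper_and_rehash_demo():
    """Edit a record and recompute its own hash: the next entry's link no longer matches."""
    chain = build_sample_chain()
    chain[1]["record"]["actor"] = "mallory"
    chain[1]["hash"] = hashlib.sha256(
        chain[1]["prev"].encode() + _canonical(chain[1]["record"])).hexdigest()
    return verify_chain(chain)


if __name__ == "__main__":
    print(verify_chain(build_sample_chain()))    # (True, None)
    print(tamper_demo())                         # (False, 1)
    print(tamper_and_rehash_demo())              # (False, 2)
```

A chain like this only proves something to a third party if its head hash is periodically anchored somewhere the log operator cannot silently rewrite (a trusted timestamp, a published value, or a write-once store); otherwise an insider with write access could rebuild the whole chain. That external anchoring is what gives the integrity claim weight in the legal scenario described next.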
From a legal point of view, digital evidence sometimes has to be presented in court or to regulators. It carries additional weight if you can prove to third parties that your data hasn't been tampered with; otherwise the opposing side can dispute the truthfulness of the logs. With LogSentinel SIEM's cryptographic #integrity guarantees, and by leveraging existing legal frameworks, for example the European Union’s eIDAS, the collected #logs carry significant legal strength in court proceedings and elsewhere. That said, the data integrity aspect is also very important for many regulations and standards such as #GDPR, #PSD2, PCI-DSS, #ISO27001 and others.
Speaking of GDPR, we also have a separate GDPR module, where GDPR-specific processing activities can be created. Thanks to a GDPR Correlation Key, LogSentinel can associate the GDPR-specific processes with the corresponding logs, which can later be used by DPOs, #Compliance officers and auditors. The help section provides a rich library of useful links and resources needed by everyone with GDPR responsibilities.
LogSentinel SIEM provides built-in compliance reports as well as the flexibility to extract and export data based on any criteria and timeframe. Reports are configured and executed from the Reports menu.
As you have now seen, the DEMO account shows some of the key features of LogSentinel SIEM needed to track and monitor user activity, network resources, applications, databases and cloud services in real time in a unified security centre, which is a great fit for small and medium businesses as well as for #MSSPs.