Assuria Log Manager Overview
Assuria Log Manager (ALM) delivers an enterprise wide view of IT system activity, from almost any system, application or device within the IT infrastructure. This IT security intelligence (which is essential for Security Operation Centres - SOC) is delivered with strong forensic readiness as a key objective.
ALM provides automated collection and management of audit logs from across the whole enterprise, as well as security event analysis, alerting and reporting. ALM is fully scalable to meet the needs of organisations from SME’s right through to major global enterprises. ALM is designed to automate the collection and management of logs from almost any IP based system or device, including MS Windows, Unix and Linux servers, workstations, databases, applications, security devices, network devices, firewalls, routers, physical access control systems and much more.
Unlike many SIEM solutions available today, most of which rely on crude methods of collecting log and event data, such as syslog forwarding (download our White Paper on the limitations of syslog) and pay little or no attention to the integrity of the log data, ALM is designed to efficiently interact directly with the system creating log data, whether an operating system, security device or other system. Wherever possible, ALM employs software agents using specially written log data sources (plug-ins) to reliably manage this interaction in true enterprise fashion. For more information on this subject, please go to: ALM Log Sources.
ALM agents are available for most Windows, Unix and Linux systems to provide the highest levels of forensic integrity and log management automation. Through its own built-in Syslog server and TCL scripted plug-ins, ALM is capable of collecting logs from just about any source. Out of the box, ALM supports most commonly used log sources and formats with a library of standard reports, such as for PCI-DSS compliance. A powerful analysis and anomaly detection engine, log data interactive log data viewing features and a highly flexible report generator allows easy generation of highly customised views of security event and log data.
Role based access control (RBAC) provides privilege control. Multiple users can log into the ALM Console to manage agents, agent policies, collection policies, syslog forwarding (where ALM agents are not in use) and security policies, as well as to create archives, generate reports and many other processes.