
Logsign Data Policy Manager (DPM)


Logsign Data Policy Manager enables you to manage logs effectively in all phases: collection, storage and indexing.

Published in: Technology

  1. All Rights Reserved - Logsign 2015. Data Policy Manager. Security Information and Event Management. LOGSIGN V4.0 WORKSHOP
  2. www.logsign.com http://support.logsign.com Overview: Easy to deploy via over 200 ready integrations and free plugin services, Logsign collects terabytes of logs and events in real time from hundreds of physical, virtual and cloud data sources. Logsign’s enterprise-wide log collection techniques are WMI, Syslog, Oracle, SQL, CEF, File Share, NFS Share, FTP/SFTP, ODBC, LEA API and more. As a result, logs are getting bigger every day. Logsign Data Policy Manager enables you to optimize log management while respecting company requirements and multiple regulations.
  3. Data Policy Manager: How? Create data policies with Logsign DPM:
     ● for every single log source or a group of sources to collect logs.
     ● for setting the redundancy period of logs.
     ● for managing storage capacity by choosing whether to include or exclude collected logs.
     Logsign DPM therefore increases the effectiveness of collection and storage and the performance of indexing.
  4. For Input: In the For Input field, policies can be applied to the data that is collected at the input level.
     ● With ‘Include by regexp’, the desired data can be collected and written by adding specific rules or words, and with ‘Exclude by regexp’, the unwanted data can be specified with added rules.
  5. For Input:
     ● With ‘Include by Key-Value’, defined columns and values in parsed logs (e.g. Windows logs) are set to be written to the system; they can also be set not to be viewed in the system by using ‘Exclude by Key-Value’. As shown on the right side of the slide, for Windows, successful and denied logon events are collected, but logoff events are set not to be collected.
  6. For Input:
     ● When you set a redundancy period, identical log lines captured within a specific time period are filtered out, which prevents your disk space from filling up with unnecessary files and logs.
  7. For Parsing:
     ● In the For Parsing field, you can specify a column after the data is parsed to apply column-based filtering to repetitive data.
  8. For Indexing: In the For Indexing field, in addition to the fields ‘Include/Exclude by Regexp’ and ‘Include/Exclude by Key-Value’:
     ● ‘Filter Index Fields’ allows you to index only the specified written columns (the results also can’t be viewed in Search, Reports and Alerts).
  9. For Indexing: In the Search menu, the results can be viewed as below by default, before and after applying the Index Filter. (Screenshots: BEFORE / AFTER)
  10. For Indexing: Additionally for indexing, the desired data can be viewed with the ‘Include Log’ option and the unwanted data is set not to be viewed with the ‘Exclude Log’ option. When the ‘Include/Exclude Log’ option is enabled, results from the Event.SystemID column can be typed into the SystemID fields.
  11. For JSON Store & For RAW Store:
     ● In the For JSON Store field, rules and filters can be specified with the same features as in the For Input and For Indexing fields.
     ● In the For RAW Store field, regexp rules specify whether the desired or unwanted data is collected at the first input level.
  12. For Persisting:
     ● In the For Persist field, the data can be collected in the system under specific names that are defined for each source.
  13. Summary: Therefore, Logsign DPM can be considered a SIEM use case. Logsign DPM: Increased Effectiveness of Collection, Storage and Performance of Indexing; Multiple Regulations; Flexible & Customized Rule Setting.
  14. Thanks http://support.logsign.net
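
The input-level filters from slides 4 to 6 (include/exclude by regexp, exclude by key-value, redundancy period), modelled as an added Python example; this is not Logsign code or configuration. The names `InputPolicy` and `EventID`, the rule order, the Windows event IDs 4624/4625/4634 for logon, failed logon and logoff, and measuring the redundancy window from the last kept copy are assumptions, and the events are constructed.

```python
import re
from collections import Counter

# Constructed sample events: (epoch seconds, parsed fields, raw line). Not real logs.
EVENTS = [
    (100, {"EventID": "4624", "User": "alice"}, "4624 An account was successfully logged on: alice"),
    (101, {"EventID": "4625", "User": "bob"}, "4625 An account failed to log on: bob"),
    (102, {"EventID": "4625", "User": "bob"}, "4625 An account failed to log on: bob"),
    (103, {"EventID": "4634", "User": "alice"}, "4634 An account was logged off: alice"),
    (104, {"EventID": "7036", "User": ""}, "7036 The Print Spooler service entered the running state"),
    (200, {"EventID": "4625", "User": "bob"}, "4625 An account failed to log on: bob"),
]

class InputPolicy:
    """Hypothetical model of an input-stage data policy; all names are assumptions."""
    def __init__(self, include_re=None, exclude_re=None, exclude_kv=None, redundancy_s=0):
        self.include_re = re.compile(include_re) if include_re else None
        self.exclude_re = re.compile(exclude_re) if exclude_re else None
        self.exclude_kv = exclude_kv or {}   # column -> set of values to drop
        self.redundancy_s = redundancy_s     # window for identical raw lines
        self.last_seen = {}                  # raw line -> timestamp of last kept copy
        self.dropped = Counter()             # rule name -> count, keeps filtering auditable

    def decide(self, ts, fields, raw):
        # Returns "keep" or the name of the rule that dropped the event.
        if self.include_re and not self.include_re.search(raw):
            return "not_included"
        if self.exclude_re and self.exclude_re.search(raw):
            return "exclude_regexp"
        if any(fields.get(k) in vals for k, vals in self.exclude_kv.items()):
            return "exclude_key_value"
        prev = self.last_seen.get(raw)
        if prev is not None and ts - prev < self.redundancy_s:
            return "redundant"
        self.last_seen[raw] = ts
        return "keep"

    def apply(self, events):
        kept = []
        for ts, fields, raw in events:
            verdict = self.decide(ts, fields, raw)
            if verdict == "keep":
                kept.append((ts, fields, raw))
            else:
                self.dropped[verdict] += 1
        return kept

def run_demo():
    # Keep account events, drop logoff (4634), suppress identical lines within 60 s.
    policy = InputPolicy(include_re=r"account", exclude_kv={"EventID": {"4634"}}, redundancy_s=60)
    kept = policy.apply(EVENTS)
    return [(ts, f["EventID"]) for ts, f, _ in kept], dict(policy.dropped)
```

The per-rule drop counters show how much data each filter removes before storage, which is the figure to review when a policy is tuned.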
