
DBAPPSecurity Log Auditor (BYOL)
Overview
Mingyu Comprehensive Log Audit Platform consists of a collector, communication server, correlation engine and platform manager. The main functions are as follows:
- Comprehensive log collection: Fully supports protocols such as Syslog, SNMP, OpSec, XML, FTP and local files, covering mainstream hardware devices, hosts and applications so that log information is collected comprehensively. Logs from information assets (network devices, security devices, hosts, applications and databases) are collected, then parsed, filtered and aggregated by preset parsing rules. Collected logs can also be forwarded to other network management platforms through the forwarding function.
- Large-scale secure storage: Built-in TB-level storage, with a choice of RAID levels for data redundancy and safety. The system has multiple storage, encryption and retrieval mechanisms with independent intellectual property rights, which suit the requirements of industries such as security and cryptography.
- Intelligent correlation analysis: Provides full-dimensional, cross-device, fine-grained correlation analysis with many built-in correlation rules, supports detection of network attack and defense activity as well as compliance testing, and makes correlation analysis between assets straightforward.
- Vulnerability management: Collects and manages scan results from web, host and network vulnerability scanners, and performs three-dimensional risk correlation between those results and the attack risks received from user assets in real time.
- Data mining and data prediction: Supports mining and analysis of historical log data, discovering potential correlations between logs and events, and visualizing the results. The system includes a variety of statistical prediction algorithms that forecast future data from the patterns in historical data.
- Visual display: Provides real-time monitoring of information assets, management of assets and customers, definition and distribution of analysis and correlation rules, statistics and reports on log information, storage and rapid retrieval of massive logs, and platform management. Through normalized processing of events, high-performance mass event storage and optimized retrieval deliver high-speed event retrieval. Subsequent compliance statistical analysis enables secondary mining and analysis of the data.
Highlights
- Comprehensive intelligent collection functions: Continuous connection checks and integrity checks and customizable cache functions ensure that the platform receives all data and monitors every step of the transmission chain; configurable filtering and aggregation functions can eliminate irrelevant data and merge duplicate device logs. Powerful data compression can save expensive bandwidth.
- Standardized logs: various security event logs (attacks, intrusions, exceptions), various behavioral event logs (internal control, violation), various vulnerability scan logs (weaknesses, vulnerabilities), various status monitoring logs (availability, performance, status), event description from a security perspective: event target object classification, event characteristic classification, event result classification, attack classification, and detection device classification.
- Innovative log parsing capability: A parsing rule is activated only after the corresponding log is received. Unrecognized logs are handled by watermark processing, with multi-level parsing and dynamic programming algorithms providing flexible handling of unparsed log events; multiple parsing methods are supported (regular expressions, separators, MIB information mapping configurations, etc.), and parsing performance is independent of the number of connected log devices.
Vendor refund policy
Refunds are not currently supported
Usage information
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
First version
Additional details
Usage instructions
Instructions for use:
- Subscribe and launch EC2: It is recommended to “boot from EC2”; select the EC2 instance type and add a data disk as needed (see the recommended specifications below).
- The minimum configuration for the EC2 instance is 4 cores and 8 GB of memory. The data disk must be larger than 100 GB; 500 GB is recommended.
- Once the EC2 instance is up, access the management interface at https://:9443. Default username: admin; default password: <instance ID> (the EC2 instance ID).
- There is no trial license for this product; please call 400-6059-110 to purchase an official license.
- If you encounter product problems during use, please call 400-6059-110 for consultation.
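As an added preflight example (not from the product page or the vendor), the POSIX shell script below checks a host against the minimums listed above and retrieves the EC2 instance ID through IMDSv2, since that ID is the initial admin password and an operator needs it once before rotating it. The data-disk device path and the availability of IMDSv2 on the host are assumptions.

```shell
#!/bin/sh
# Preflight for a Log Auditor EC2 host against the listing's stated minimums:
# 4 vCPUs, 8 GB RAM, data disk larger than 100 GB (500 GB recommended).
# Assumption (not from the page): the data disk is /dev/nvme1n1 unless DATA_DISK is set.
MIN_VCPUS=4
MIN_MEM_GB=8
MIN_DISK_GB=100
REC_DISK_GB=500
DATA_DISK=${DATA_DISK:-/dev/nvme1n1}

# check_min_spec VCPUS MEM_GB DISK_GB: report findings; return 0 only if all minimums hold.
check_min_spec() {
    vcpus=$1; mem_gb=$2; disk_gb=$3; ok=0
    [ "$vcpus" -ge "$MIN_VCPUS" ] || { echo "FAIL: $vcpus vCPUs < $MIN_VCPUS"; ok=1; }
    [ "$mem_gb" -ge "$MIN_MEM_GB" ] || { echo "FAIL: ${mem_gb} GB RAM < ${MIN_MEM_GB} GB"; ok=1; }
    # The page says "greater than 100G", so exactly 100 GB does not pass.
    [ "$disk_gb" -gt "$MIN_DISK_GB" ] || { echo "FAIL: data disk ${disk_gb} GB not > ${MIN_DISK_GB} GB"; ok=1; }
    [ "$disk_gb" -ge "$REC_DISK_GB" ] || echo "WARN: data disk ${disk_gb} GB below recommended ${REC_DISK_GB} GB"
    return $ok
}

# imds_instance_id: fetch the instance ID via IMDSv2 (session token first, then metadata).
# The listing uses this value as the initial admin password; change it after first login.
imds_instance_id() {
    tok=$(curl -sS -X PUT "http://169.254.169.254/latest/api/token" \
          -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
    curl -sS -H "X-aws-ec2-metadata-token: $tok" \
         "http://169.254.169.254/latest/meta-data/instance-id"
}

# host_check: read live values from the host and apply check_min_spec.
# MemTotal is rounded to the nearest GB because the kernel reserves part of RAM,
# so an 8 GB instance reports slightly less than 8 GiB.
host_check() {
    vcpus=$(nproc 2>/dev/null || echo 0)
    mem_gb=$(awk '/MemTotal/ {printf "%d", ($2/1024/1024)+0.5}' /proc/meminfo 2>/dev/null)
    disk_gb=$(lsblk -bdno SIZE "$DATA_DISK" 2>/dev/null | awk '{printf "%d", $1/1024/1024/1024}')
    check_min_spec "${vcpus:-0}" "${mem_gb:-0}" "${disk_gb:-0}"
}
```

Run `host_check` on the instance before installing, and `imds_instance_id` once to obtain the initial password.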
Support
Vendor support
Official website: https://www.dbappsecurity.com.cn/
Customer service hotline: 400-6059-110 (7*24)
Scope of support: pre-sales consultation, licensing, technical support and after-sales service. For complaints and suggestions, please contact 4006059110@dbappsecurity.com.cn
Amazon Web Services infrastructure support
Amazon Web Services Support is a one-on-one, fast-response support channel staffed 24x7x365 by experienced technical support engineers. The service helps customers of all sizes and technical abilities successfully use the products and features provided by Amazon Web Services.