Product Overview
DBAPPSecurity Log Auditor consists of a collector, communication server, correlation engine, and platform manager. The main features are as follows:
1. Comprehensive log collection
It fully supports protocols such as Syslog, SNMP, OPSEC, XML, FTP and local files, covering mainstream hardware devices, hosts and applications to ensure comprehensive collection of log information. It obtains logs from information assets (network equipment, security devices, hosts, applications and databases) and parses, filters and aggregates them using pre-set parsing rules. Collected logs can also be forwarded to other network management platforms through the forwarding function.
2. Large-scale secure storage
It has a built-in TB-level storage device, and various RAID levels can be selected to ensure data redundancy and security. The system includes a number of proprietary (independent intellectual property) storage, encryption and query mechanisms, making it well suited to industries with strict security requirements.
3. Intelligent correlation analysis
It enables full-dimensional, cross-device, fine-grained correlation analysis. It has many built-in correlation rules, supports network security attack-and-defense testing and compliance testing, and can easily perform correlation analysis across various assets.
4. Vulnerability management
It can collect and manage scan results generated by various web, host and network vulnerability scanning tools, and correlate them in real time with the attack risks observed against user assets for a multi-dimensional risk analysis.
5. Data mining and data forecasting
It supports data mining and analysis of historical log data, discovers potential correlations between logs and events, and visualizes the mining results. The system comes with a variety of statistical prediction algorithms that can effectively predict future data events based on patterns in historical data.
6. Visual display
It provides real-time monitoring of information assets; management of information assets and customers; definition and distribution of analysis rules and correlation rules; statistics and reports on log information; storage and rapid retrieval of massive log volumes; and platform management. Through normalization of the various events, high-performance mass event storage and retrieval optimization are realized, providing high-speed event retrieval. Subsequent compliance statistical analysis and processing allow the data to be mined and analyzed a second time.