Log Management Features

Correlation

The EventCorrelator is an important and powerful tool in the hands of the system administrator and is crucial for maximizing the value of event log management and analysis. The EventCorrelator enables defense in depth: security information can be collected from perimeter devices, systems and applications, and rules are run against it to detect patterns of behavior indicating a breach of security.

With EventCorrelator, events from multiple servers and domains can be correlated to enable earlier detection of security threats. Often the clues to an ongoing attack are scattered across multiple systems and devices, and it becomes nearly impossible to detect these subtle signs manually in real time. For example, an intruder could be attempting to break into your systems but moving from system to system to avoid triggering an alert for too many failed logins on any one system. A correlation rule can be set to alert after a number of login failures by a single user or IP address during a certain period of time across any of the machines in the enterprise, enabling these types of attacks to be quickly uncovered.
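The cross-machine threshold rule described above can be sketched as follows. This is an added illustration, not EventCorrelator's own code or rule syntax; the log line format, host names, the threshold of 5 and the 10-minute window are all assumptions made for the example.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (assumed format): time host event user= src=
SAMPLE_LOG = """\
2024-05-01T09:00:05 srv01 LOGON_FAIL user=admin src=203.0.113.7
2024-05-01T09:00:40 srv01 LOGON_FAIL user=admin src=203.0.113.7
2024-05-01T09:01:10 srv02 LOGON_FAIL user=admin src=203.0.113.7
2024-05-01T09:01:30 srv04 LOGON_FAIL user=jdoe src=198.51.100.23
2024-05-01T09:01:55 srv02 LOGON_FAIL user=admin src=203.0.113.7
2024-05-01T09:02:20 srv04 LOGON_OK user=jdoe src=198.51.100.23
2024-05-01T09:02:45 srv03 LOGON_FAIL user=admin src=203.0.113.7
2024-05-01T09:03:15 srv03 LOGON_FAIL user=admin src=203.0.113.7
"""

def parse(line):
    """Split one constructed log line into (time, host, event, user, source IP)."""
    ts, host, event, user, src = line.split()
    return (datetime.fromisoformat(ts), host, event,
            user.split("=", 1)[1], src.split("=", 1)[1])

def correlate_failures(lines, threshold=5, window=timedelta(minutes=10)):
    """Alert when one user or one source IP reaches `threshold` failed
    logons inside `window`, counted across every host (not per host)."""
    recent = defaultdict(deque)  # ("user"|"ip", value) -> deque of (time, host)
    alerts = []
    for ts, host, event, user, src in sorted(map(parse, lines)):
        if event != "LOGON_FAIL":
            continue
        for key in (("user", user), ("ip", src)):
            q = recent[key]
            q.append((ts, host))
            while ts - q[0][0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alerts.append({"key": key, "time": ts,
                               "per_host": dict(Counter(h for _, h in q))})
                q.clear()  # re-arm so one burst produces one alert per key
    return alerts

ALERTS = correlate_failures(SAMPLE_LOG.splitlines())
for alert in ALERTS:
    print(alert["key"], alert["time"].isoformat(), alert["per_host"])
```

In the sample, no single host records more than two failures, so a per-host threshold of five would stay silent, while the correlated count fires on the fifth failure for both the user and the source IP.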

The EventCorrelator User Interface makes it easy to define patterns of events and create rules and actions which can prevent the loss of revenue and increase overall security.

Event correlation helps you:

  • Identify unauthorized logon activity
  • Monitor unauthorized network port usage
  • Monitor logon/logoff activity
  • Manage Active Directory OU delegation

EventCorrelator provides:

  • Out-of-the-box correlation rules to detect the most common and critical security conditions in real time
  • The ability to create customized correlation rules and actions
  • Support for Heuristic, Vector, Threshold, Comparison and Redirecting Correlation scenarios