Feeds:
Posts
Comments

Posts Tagged ‘LogInspect’

Siem_System

ImmuneSecurity (now called Logpoint) proudly presents LogInspect™ version 5.1.1. This version contains numerous enhancements as well as some bug fixes.

The highlights for this release are:

  • Introduction of LI Lite for distributed collection of logs from remote locations.
  • Higher availability of logs from the main LogInspect can be made by creating a copy of a repo in the remote LogInspect.
  • Introduction of tenants for effective object management between various organizational units.

Enhancements

A selection of the major enhancements of LogInspect™ v5.1.1 is listed below in detail.

Devices and Collection

  • Logs can be forwarded into the system from different platforms using the Distributed Collector. This support is available for LI Lite at the moment.
  • IPv6 support is extended to the following collectors and fetchers: SNMP fetcher, sflow collector,FileInspect collector, SNMP trap collector and the netflow collector.
  • The CIDR IP address, is supported for all of the collectors.
  • Log parser’s pattern can be validated by checking against the example message.
  • SNMP fetcher works for leaf OIDs.

Search and Queries

  • Fields in search query can now be renamed.
  • Grouping constructs support “order by” syntax.
  • Inline list now supports, using whitespace enclosed by quotes.
  • Cmd + click (Ctrl + click) opens and displays the search result on a new tab.

Dashboard and User Interface

  • Growl position setting, can now be managed from preferences page.
  • Dashboard tabs are now moveable.

User Management

  • LDAP authentication supports three different login formats: “Sam Account Name”, “UID” and “DN”. This can be configured from “Advance LDAP Settings”.
  • SSL implemented for Directory Access Protocol (LDAP Strategy).
  • Username is now made non editable.

Correlation and Alert

  • Ownership of rules can be transferred to other users.

System and Performance

  • Critical security updates for the system can be applied by uploading the tested security patch and installing them.

Backup and Storage

  • Backup scheduling is made optional.
  • For backups, its now possible to apply a retention policy.

FileInspect

  • Windows events can now be collected, by using the “Windows Event Log Reader” checkmark, while configuring the FileInspect client.
Reporting
  • Queries in reports templates are now editable.

Bug Fixes

A selection of the major bug fixes of LogInspect™ v5.1.1 is listed below.

  • Netflow v9 now contains all available fields.
  • HTTPS certificate can now be applied, without rebooting the server.
  • Problem with configuration backup has been fixed.
  • Vendor dashboard can now be used through the “use action”.
Advertisements

Read Full Post »

Scalability, made easy.

LogInspect 5 (now called Logpoint) can scale into any organization – big or small, locally based or operating globally.
And while all organizations have a similar need to invest in a SIEM solution, each has a unique set of operational conditions with specific requirements that dictate the scope of implementation.
A network might be highly segmented due to security policies or geographic distribution, mandating specific collection capabilities. Budget and staffing limitations can also require an incremental approach.

screen_dump_appl
LogInspect 5 is dynamic, adaptable and scalable to the specific needs of your organisation.

  • Accommodates today – and tomorrow.

IT executives can be assured that the solution they invest in today can adapt to accommodate their future organizational needs.
LogInspect 5’s dynamic enterprise architecture is flexible enough to meet multiple and changing requirements – from the easily scalable to broader collection capabilities.

  • Centralized Threat Analysis System.

Thanks to the Centralized Threat Analysis System (CTAS), LogInspect 5 can deploy any combination of hardware and software appliances on a multitude of servers.
Searching, alarming, and incident managing and reporting are consolidated on one single interface. Just apply the search or report to the suitable LogInspect 5 repositories.

  • Truly designed for Big Data.

•Based on NoSQL technologies – for ultimate performance.
•Lowered overhead thanks to tagged data rather than the indexed data of the traditional, expensive   performance of an SQL database.
•A “Document” database structure.
•Digests billions of logs on a daily basis.
•Log data is stored and normalized in one single and fast process.

  • Built-in scaling.

•Supports hardware appliances based on standard servers.
•Supports VMware and Hyper V.
•Dynamic repository architecture ensures easy scalability for multiple sites and optimised   performance.

  • Fully supports on existing infrastructures.

•SAN storage architectures.
•Existing load balancers.
•Co-exists with existing backup solutions.
•Full redundancy architecture for highest availability.

Read Full Post »