Assuria Log Manager (ALM)
Used by government agencies, major commercial organisations, local government departments and IT service providers to deliver IT security intelligence and complete visibility into system activity.
Assuria Log Manager (ALM) delivers an enterprise wide view of IT system activity, from almost any system, application or device within the IT infrastructure. This IT security intelligence is delivered with strong forensic readiness as a key objective.
ALM provides automated collection and management of audit logs from across the whole enterprise, as well as security event analysis, alerting and reporting. ALM is fully scalable to meet the needs of organisations from SMEs right through to major global enterprises. ALM is designed to automate the management of logs from almost any IP-based system or device, including MS Windows, Unix and Linux servers, workstations, databases, applications, network devices, firewalls, routers, physical access control systems and much more.
Role-based access control (RBAC) provides privilege control. Multiple users can log into the ALM Console to manage agents, agent policies, collection policies, syslog forwarding (where ALM agents are not in use) and security policies, as well as to create archives, generate reports and run many other processes.
ALM agents are available for most Windows, Unix and Linux systems to provide the highest levels of forensic integrity and log management automation. Through its own built-in Syslog server and Tcl scripted plug-ins, ALM is capable of collecting logs from just about any source. Out of the box, ALM supports most commonly used log sources and formats with a library of standard reports, such as for PCI-DSS compliance. A powerful analysis and anomaly detection engine, interactive log data viewing features and a highly flexible report generator allow easy generation of highly customised views of security event and log data.
Enterprise Wide Log Collection. Secure and forensically sound collection of logs from almost any source into a central store.
Log Management. Enterprise wide automated management of logs, including log rotation.
Forensic Readiness. Logs are collected in a secure and forensically sound manner, retaining their original form and complete with relevant meta data, thus allowing repeated examination with new analysis rules and use of the logs by other applications and processes.
Real-time Event Alerting. Configurable to specific log events, sent via Email and/or SNMP traps.
Agent-Based Collection and Log Management. Ensures the security, continuity and integrity of all collected logs and allows alerting at the log source.
Digitally Signed. An RSA/SHA256 digital signature is calculated and the log digitally signed before transfer. Transfer is authenticated and encrypted using TLS.
Secure Storage. Log cataloguing, chain of custody records, archive creation and management. Archive to secure long term storage, complete with a digitally-signed manifest.
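The two items above describe the integrity chain: each log is hashed with SHA-256 and signed with RSA before it leaves the agent, and the archive it ends up in carries a signed manifest that records every stored log together with its collection metadata. The following Go program is an added illustration of that scheme and is not Assuria code; the record layout, the field names, the `web01:/var/log/auth.log` naming of stored entries and the sample auth.log line are all constructed for the example. It signs a raw log, builds and signs a manifest, then verifies the archive and reports any entry whose stored bytes no longer match the digest recorded at collection time.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"sort"
)

// LogEntry describes one collected log as recorded in the archive manifest.
// The log bytes themselves are stored unchanged; only their digest is kept here.
type LogEntry struct {
	Source      string `json:"source"`       // hostname of the log source (constructed field layout)
	Path        string `json:"path"`         // path of the log on the source system
	CollectedAt string `json:"collected_at"` // collection timestamp recorded by the agent
	SHA256      string `json:"sha256"`       // hex SHA-256 of the original log bytes
	Size        int    `json:"size"`
}

// Manifest is the chain-of-custody record for one archive: who created it,
// when, and the digest of every log it contains. The manifest is signed as a whole.
type Manifest struct {
	Archive   string     `json:"archive"`
	CreatedBy string     `json:"created_by"`
	CreatedAt string     `json:"created_at"`
	Entries   []LogEntry `json:"entries"`
}

// NewEntry records the digest and size of raw log bytes at collection time.
func NewEntry(source, path, collectedAt string, raw []byte) LogEntry {
	sum := sha256.Sum256(raw)
	return LogEntry{Source: source, Path: path, CollectedAt: collectedAt,
		SHA256: hex.EncodeToString(sum[:]), Size: len(raw)}
}

// SignLog computes SHA-256 over the raw log and signs the digest with
// RSA PKCS#1 v1.5; the signature travels with the unmodified log.
func SignLog(priv *rsa.PrivateKey, raw []byte) ([]byte, error) {
	digest := sha256.Sum256(raw)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyLog returns nil only when sig is a valid RSA/SHA256 signature over raw.
func VerifyLog(pub *rsa.PublicKey, raw, sig []byte) error {
	digest := sha256.Sum256(raw)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

// canonical serialises a manifest deterministically (entries sorted by source,
// then path) so that signer and verifier always hash identical bytes.
func canonical(m Manifest) ([]byte, error) {
	entries := append([]LogEntry(nil), m.Entries...)
	sort.Slice(entries, func(i, j int) bool {
		if entries[i].Source != entries[j].Source {
			return entries[i].Source < entries[j].Source
		}
		return entries[i].Path < entries[j].Path
	})
	m.Entries = entries
	return json.Marshal(m)
}

// SignManifest produces the signature stored alongside the archive manifest.
func SignManifest(priv *rsa.PrivateKey, m Manifest) ([]byte, error) {
	data, err := canonical(m)
	if err != nil {
		return nil, err
	}
	return SignLog(priv, data)
}

// VerifyArchive first checks the manifest signature (a failure here means the
// custody record itself was altered), then re-hashes every stored log and
// returns the "source:path" keys whose bytes or size no longer match.
func VerifyArchive(pub *rsa.PublicKey, m Manifest, sig []byte, stored map[string][]byte) ([]string, error) {
	data, err := canonical(m)
	if err != nil {
		return nil, err
	}
	if err := VerifyLog(pub, data, sig); err != nil {
		return nil, fmt.Errorf("manifest signature invalid: %w", err)
	}
	var bad []string
	for _, e := range m.Entries {
		key := e.Source + ":" + e.Path
		raw, ok := stored[key]
		if !ok {
			bad = append(bad, key)
			continue
		}
		sum := sha256.Sum256(raw)
		if hex.EncodeToString(sum[:]) != e.SHA256 || len(raw) != e.Size {
			bad = append(bad, key)
		}
	}
	return bad, nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample log line standing in for a file read by the agent.
	raw := []byte("Mar  3 10:15:02 web01 sshd[4711]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2\n")
	m := Manifest{Archive: "archive-001", CreatedBy: "alm-console", CreatedAt: "2024-03-03T11:00:00Z",
		Entries: []LogEntry{NewEntry("web01", "/var/log/auth.log", "2024-03-03T10:16:00Z", raw)}}
	sig, err := SignManifest(priv, m)
	if err != nil {
		panic(err)
	}
	stored := map[string][]byte{"web01:/var/log/auth.log": raw}
	bad, err := VerifyArchive(&priv.PublicKey, m, sig, stored)
	fmt.Println("intact archive:", bad, err)
	stored["web01:/var/log/auth.log"] = []byte("tampered\n") // simulate modification in storage
	bad, err = VerifyArchive(&priv.PublicKey, m, sig, stored)
	fmt.Println("after tampering:", bad, err)
}
```

The manifest is canonicalised before signing so that a verifier which re-reads the JSON from disk in a different entry order still reproduces the signed bytes. Verification deliberately distinguishes the two failure modes a forensic reviewer cares about: an invalid manifest signature (the custody record was changed or signed with a different key) versus a good manifest whose referenced log bytes have drifted from the digest recorded at collection.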
Scalable and Modular Architecture. Designed to support almost any sized IT environment up to thousands of log sources. Supports multiple collection points, with load balancing and resilience built-in.
Analysis. Collected logs are processed by a rules-driven analysis and anomaly detection engine. Flexible and extensible analysis rules allow ‘interesting’ events to be tagged and written to a database for further analysis and reporting.
Unstructured Querying. ALM provides facilities to analyse and report on stored original log data, allowing unstructured ‘Google’ type searches on any item and providing effective interactive analysis and learning features. This often leads to new automated analysis rules and reports.
Reporting. Flexible analysis, correlation, aggregation and reporting in HTML, PDF, XLS, XML and CSV.
Data Export. Export of collected log data to external systems in various forms: raw logs, form-normalised or content-normalised.
ALM is a software solution, providing significant advantages over hardware appliance-based solutions. There is no need to install additional 'black box' appliances to support ALM; instead it can be implemented on existing systems within the IT infrastructure. Advantages over appliance solutions include lower cost, flexibility of implementation, scalability (the ALM Starter Pack allows small initial rollouts to be scaled up to major enterprise implementations very easily) and extensibility, all important features for enterprise implementations.
ALM's unique, flexible architecture uses Tcl plug-ins to allow collection of logs from almost any source and in an infinite number of log formats and types.
An SDK is available to allow even easier development of additional ALM plug-ins to support new log sources. Training is also available to allow partners and customers to develop ALM plug-ins.
A wide range of log sources is supported out of the box, including those listed below (note: this is just a sample list; please contact Assuria for the full list of supported log sources):
The system requirements indicated below are for Assuria Log Manager version 4.2 or later. They are subject to change.
A detailed sizing exercise may require details such as typical event size, typical log size, log collection frequency, O/S and hardware versions, application version details and other information. Assuria can provide sizing assistance, including a sizing modelling spreadsheet (available on request).