- A SIEM solution (ArcSight ESM, RSA enVision, Novell Sentinel, IBM TCIM)
- An enterprise Log Management solution (LogLogic, TriGeo, SenSage)
- Microsoft Active Directory / Windows
- Novell eDirectory / NetWare
- Get complete information from the directory or file system
- Filter which information is collected
- Generate highly relevant alerts based on filtered event data and custom policies
- Collect event data directly from the source (independent of system logs)
- Apply decisions or alerts based on WHO is performing the action
- Report on ANY combination of objects and attributes in the directory
- Report on who is opening or modifying files, folders, or file system permissions
THEN... please give us a call.
I recently wrote a paper discussing how we (NetVision) extend the ability of SIEM or log management solutions by getting better, more reliable, and more relevant information directly from what is arguably your most critical source (the network directory). The paper isn't publicly available (it's not that kind of paper). So, let us know and we'll pass it along, or we can save you the trouble of reading it and just explain it.