Friday, October 3

Better data from Active Directory for your SIEM

If you have or are planning to have:
  • A SIEM solution (ArcSight ESM, RSA enVision, Novell Sentinel, IBM TCIM)
  • An enterprise Log Management solution (LogLogic, TriGeo, SenSage)
And your employees log on to:
  • Microsoft Active Directory / Windows
  • Novell eDirectory / NetWare
And you're unhappy with the solution's ability to:
  • Get complete information from the directory or file system
  • Filter which information is collected
  • Generate highly relevant alerts based on filtered event data and custom policies
  • Collect event data directly from the source (independent of system logs)
  • Apply decisions or alerts based on WHO is performing the action
  • Report on ANY combination of objects and attributes in the directory
  • Report on who is opening or modifying files, folders, or file system permissions

THEN... please give us a call.

I recently wrote a paper discussing how we (NetVision) extend the ability of SIEM or log management solutions by getting better, more reliable, and more relevant information directly from what is arguably your most critical source (the network directory). The paper isn't publicly available (it's not that kind of paper). So, let us know and we'll pass it along or we can save you the trouble of reading and just explain it.
