One of the highlights of any syslog server should be its reports. Somix takes great pride in the engineering we have invested in Logalot's reporting engine. Use Logalot to generate reports on specific types of messages, or even on specific information found in the message body. Reports can also be scheduled to run automatically and be delivered by email.
Several searches like the one above can be created and saved. Multiple saved searches are then run at the same time to produce a report with a single graph containing one data line for every search included in the report. This strategy lets you identify trends in attacks. In other words, it answers the question: are the various attacks all occurring at the same time? Some vendors call this "event correlation".

If the attacks are happening at the same time, you next need to determine where they are coming from (i.e. which IP address or addresses are executing the "Port Scan" against the firewall). With a quick search, you can determine which IP addresses have been performing port scans on the firewall. Next, perform a search on each IP address to find out what other policies have been violated by those addresses. You can even graph that search to determine when the attacks from a given IP address occur, which helps you decide whether the attacks are a one-time event or a routine (e.g. every Saturday night at 2:00 A.M.). Visual Trace Route can then be used to find the geographical origin of the attacker. You can even use this information to set up a "watch" or policy so that when the perpetrator attacks again, notification occurs in near real time and a posting is made to the bulletin board.
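The workflow above (several saved searches graphed together, then a pivot on the port-scanning IP addresses to see their other policy violations and when they recur) as an added example, not Logalot's own code: the log lines, the search patterns, and the hourly bucketing are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample firewall syslog lines (not real data); IPs are documentation ranges.
SAMPLE_LOG = """\
Sat Mar  2 02:01:10 fw01 Port Scan detected from 203.0.113.7
Sat Mar  2 02:01:40 fw01 Policy violation: SMTP relay attempt from 203.0.113.7
Sat Mar  2 02:03:05 fw01 Port Scan detected from 198.51.100.9
Sat Mar  2 11:15:00 fw01 Policy violation: Telnet denied from 192.0.2.44
Sat Mar  9 02:02:17 fw01 Port Scan detected from 203.0.113.7
Sat Mar  9 02:02:50 fw01 Policy violation: FTP denied from 203.0.113.7
"""

LINE_RE = re.compile(r"^(\w{3}) (\w{3})\s+(\d+) (\d\d):\d\d:\d\d \S+ (.*)$")
IP_RE = re.compile(r"from (\d+\.\d+\.\d+\.\d+)$")

# Two "saved searches" of the kind the text describes (hypothetical patterns).
SEARCHES = {"port_scan": re.compile(r"Port Scan"),
            "policy_violation": re.compile(r"Policy violation")}
def parse(log):
    """Yield (weekday, date, hour, message, source_ip) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        wday, mon, day, hour, msg = m.groups()
        ip = IP_RE.search(msg)
        yield wday, f"{mon} {int(day):02d}", hour, msg, ip.group(1) if ip else None
def run_searches(log, searches=SEARCHES):
    """One Counter per saved search, keyed by hourly bucket: the report's data lines."""
    series = {name: Counter() for name in searches}
    for _, date, hour, msg, _ in parse(log):
        for name, pat in searches.items():
            if pat.search(msg):
                series[name][f"{date} {hour}:00"] += 1
    return series
def correlated_buckets(series):
    """Hourly buckets in which every search fired: are the attacks happening at the same time?"""
    common = set.intersection(*(set(c) for c in series.values()))
    return sorted(common)
def pivot_on_scanners(log):
    """For each Port Scan source: its other policy messages, and on which weekday/hour it recurs."""
    scanners = {ip for *_, msg, ip in parse(log) if SEARCHES["port_scan"].search(msg) and ip}
    report = defaultdict(lambda: {"other_violations": [], "when": Counter()})
    for wday, _, hour, msg, ip in parse(log):
        if ip in scanners:
            report[ip]["when"][(wday, hour)] += 1
            if not SEARCHES["port_scan"].search(msg):
                report[ip]["other_violations"].append(msg)
    return dict(report)
```

With the sample data, both searches fire in the 02:00 bucket on two consecutive Saturdays, and the pivot shows that one scanner also triggered two other policy violations in the same windows.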