Available to: IT Professionals
Cost: No charge
- See Getting Started, below.
Log Monitoring & Analytics, commonly implemented in a Security Information and Event Management (SIEM) tool, uses correlation rules and machine learning algorithms to provide real-time analysis of system and application logs aggregated from multiple sources across campus.
Keeping copies of logs on a secure, centrally maintained log server speeds recovery from system crashes and aids security incident analysis. A Log Monitoring and Analytics tool can analyze billions of log entries in minutes, where analysts would need months to sift through the same logs for unusual or suspicious activity. The tool reduces alert fatigue by flagging the most critical issues for the security team to focus on, and it shortens the mean time to detect security incidents. It also lets administrators and technical support staff view logs from many sources in one place, which simplifies troubleshooting.
- Real-time analysis of security logs to quickly identify anomalous activity on the University network
- Reduced mean time to detect incidents
- Alert analysis and assessment
- Log copies are securely stored on a central server, backed up, and available for easy retrieval even if your system has crashed or its local logs have been lost or altered
- A single interface is provided for analyzing all logs at one time
- Windows and UNIX/Linux operating systems are supported as well as dozens of application log formats
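As an added illustration of the correlation described above, the Python below normalises Linux sshd and Windows Security log lines into one record shape and runs a single correlation rule across both sources. It is not code from the IS&T service or from any SIEM product; the log lines, hostnames, addresses, usernames and the rule's threshold and window are all constructed assumptions for the example. The point it shows is why central aggregation matters: three failed logons on the Linux host and two on the domain controller each stay below the threshold on their own, and only the combined view trips the rule.

```python
"""SIEM-style correlation over logs aggregated from two sources.

Added example for this page; it is not code from the IS&T service or any
particular SIEM product. The log lines, hostnames, IP addresses and usernames
below are constructed for the illustration, and the rule (repeated failed
logons from one source followed by a success) is an assumed generic rule.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AuthEvent:
    """One normalised logon event, whatever the source format."""
    ts: datetime
    host: str
    src_ip: str
    user: str
    success: bool


# Linux sshd lines as found in /var/log/auth.log. The classic syslog
# timestamp carries no year, so a year is assumed here.
ASSUMED_YEAR = 2024
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Windows Security events 4625 (failed logon) and 4624 (successful logon),
# rendered in a flat key=value form such as a log forwarder might emit.
WIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"EventID=(?P<eid>4624|4625) TargetUserName=(?P<user>\S+) "
    r"IpAddress=(?P<ip>[\d.]+)"
)


def parse_line(line):
    """Normalise a recognised Linux or Windows line; return None otherwise."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        return AuthEvent(ts, m["host"], m["ip"], m["user"], m["result"] == "Accepted")
    m = WIN_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        return AuthEvent(ts, m["host"], m["ip"], m["user"], m["eid"] == "4624")
    return None


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=5)):
    """Correlation rule: a source IP that fails `threshold` or more logons
    within `window`, on any combination of hosts, and then succeeds anywhere.

    Returns a list of (src_ip, failures_in_window, host, user) alerts."""
    alerts = []
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e.ts):
        recent = [t for t in failures[ev.src_ip] if ev.ts - t <= window]
        if not ev.success:
            recent.append(ev.ts)
            failures[ev.src_ip] = recent
            continue
        if len(recent) >= threshold:
            alerts.append((ev.src_ip, len(recent), ev.host, ev.user))
            recent = []  # one alert per attack burst
        failures[ev.src_ip] = recent
    return alerts


def run(lines):
    """Aggregate, normalise and correlate; returns (events, alerts)."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return events, brute_force_then_success(events)


# Constructed sample lines: failures split across a Linux host and a Windows
# domain controller, then a successful logon from the same source address.
SAMPLE_LOGS = [
    "Mar  3 02:10:00 web01 sshd[2100]: Accepted publickey for alice from 10.0.0.9 port 50000 ssh2",
    "2024-03-03T02:12:00 dc01 EventID=4625 TargetUserName=alice IpAddress=10.0.0.9 LogonType=3",
    "Mar  3 02:13:00 web01 CRON[2099]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar  3 02:14:01 web01 sshd[2121]: Failed password for invalid user admin from 10.0.0.5 port 51111 ssh2",
    "Mar  3 02:14:03 web01 sshd[2123]: Failed password for root from 10.0.0.5 port 51112 ssh2",
    "Mar  3 02:14:05 web01 sshd[2125]: Failed password for invalid user oracle from 10.0.0.5 port 51113 ssh2",
    "2024-03-03T02:14:20 dc01 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.5 LogonType=3",
    "2024-03-03T02:14:22 dc01 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.5 LogonType=3",
    "Mar  3 02:15:40 web01 sshd[2140]: Accepted password for jdoe from 10.0.0.5 port 51120 ssh2",
]

if __name__ == "__main__":
    events, alerts = run(SAMPLE_LOGS)
    print(f"{len(events)} auth events normalised from {len(SAMPLE_LOGS)} lines")
    for ip, n, host, user in alerts:
        print(f"ALERT: {ip} failed {n} logons then succeeded as {user} on {host}")
```

Running the script reports one alert for 10.0.0.5; feeding `brute_force_then_success` only the web01 events or only the dc01 events produces none, which is the per-host blind spot that central aggregation closes. A production rule would also use the source's native fields (logon type, authentication package, the sshd method) rather than a regex over rendered text.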
What to Expect
This service is normally available 24x7, except during the standard change windows described in IS&T’s standard policies, procedures, and schedules for making changes.
Contact us to request access to the SIEM or to send new logs to the data lake.