TIBCO LogLogic Unity Quick Reference Guide Concepts


Overview

TIBCO LogLogic Unity is a sleek, modern and scalable platform that enables technical teams to resolve open issues requiring advanced troubleshooting techniques, complex root cause analysis or deep forensics. LogLogic Unity is a log processing, search and alerting tool that takes data from any source and structures it. This allows intuitive, fast and complete interaction with the data, resulting in a faster turn-around from open to close in issue resolution.

Taxonomy

LogLogic leverages a defined taxonomy for proper field normalization. This enables users to quickly map fields from different sources into a common schema.

Deployment

The LogLogic Unity architectural view is shown in an illustration in the original guide (not included in this transcription).

Highlights:
- Modular search queries: use all or part of saved search filters to build new search queries using new building block technology.
- Multiple search queries: run multiple searches at the same time.
- Working data sets: work with multiple search results without losing what you are working on. Walk away and come back without losing your search results.
- Data lookups: enrich your experience with lookup tables, enhancing search and alerting capabilities.
- Data at rest correlation: perform advanced correlation against historical data to identify trends.
- Data in motion correlation: maintain advanced correlation in memory to identify key patterns for alerting.
- Comprehensive APIs: leverage core functionality using intuitive APIs built on REST.
- Scalable clustering technology: scale horizontally as needed to maintain performance and storage.

Parsing

A parsing rule relates to the ability to structure data from its original state. By providing structure, a user can then perform other functions such as grouping, aggregations or visuals. Parsing also assists in finding information when searching. In LogLogic 6, parsing can be performed ad hoc, producing a flexible design to work with. LogLogic 6 also comes pre-loaded with hundreds of rules. It also provides KVP and CSV style parsers to easily extract columns from semi-structured data.

Events

An event in the system represents a single entry of data. Events may be small single-line entries such as syslog, or they may span multiple lines, such as JSON or XML outputs.

Tags

Tags are predefined with the sys_ prefix. These tags are auto-defined for each log message and are indexed by the system. This enables faster search queries and access to the data.

Field Enrichment

Field enrichment provides a way for a user to edit any field in the system to produce outputs that are informative and intuitive. We support lookups, math computations and standard functions to help users define data the way they need to see it.

Filter Bloks

Common Search Commands

USE: Defines event sources, including the parsing configuration.
COLUMNS: Defines which columns should appear in the results.
GROUP BY: Groups values by a given column or columns. Grouping requires a list of grouping columns and a list of aggregation columns.
SORT BY: Sorts search results based on the expression.
LIMIT: Limits the number of search results displayed.

Common Filter Commands/Statements/Operations

AND: Narrows your search results by returning only those events where every one of the AND conditions evaluates to true.
OR: Expands your search results by returning events where either of the OR conditions evaluates to true.
Comparison operators: Equals (=), Not equals (<>, !=), Lower than (<), Lower or equal (<=), Greater than (>), Greater or equal (>=). A comparison condition compares two expressions using one of these seven operators with their well-known meanings. The comparison condition evaluates to true only if the comparison is satisfied; this may be used to narrow search results.
Arithmetic and string operators: Plus (+), Minus (-), Multiply (asterisk, *), Divide (forward slash, /), String concatenation (the operator symbol did not survive the transcription). The arithmetic (+, -, *, /) and string concatenation operators can be used to build parts of other conditions.
Function: Any of the predefined functions.
IS NULL, IS NOT NULL: Narrows your search results by accepting or rejecting the event based on whether the evaluated expression is null or not null. An expression most frequently becomes null when a column named in the expression has no value for the current event.
LIKE, NOT LIKE: Returns true if the value matches the supplied pattern (% matches any characters, _ matches exactly one character).
BETWEEN: Supports Timestamps, Longs and Integers.
IN: Checks whether the value matches any one of the values in a set.
REGEXP, NOT REGEXP: Returns true if the value matches the supplied regular expression pattern.
Search Examples

Each example gives the Filter Blok expression followed by what it displays.

sys_eventtime in TUE:WED
  Displays results from the default data parser profile within the defined time range.
Use MyParserProfile sys_eventtime in -1h
  Displays results from a defined data parser profile for a specified time range.
"bob"
  Displays results from the default log source with Bob in the text.
Use system sys_eventtime in 1d:NOW
  Displays results from the data parser profile within a certain time range.
"bob" and devtype in ('Windows', 'Cisco PIX')
  Displays results from a data source with 'bob' in the text, and for a certain set of log sources.
sort by sys_eventtime DESC LIMIT 100
  Displays the sorted first page of results for events ordered by timestamp in descending order.
"Bob" sys_eventtime BETWEEN ' :34:34' and ' :00:00'
  Displays results from the log source with Bob in the text (the date portions of the two timestamps did not survive the transcription).
sys_eventtime in -1h sort by sys_eventtime DESC
  Displays events sorted by timestamp in descending order.
sys_eventtime in -1h group by transactionid columns COUNT()
  Displays grouped results based on transaction.
sys_eventtime in -1h group by transactionid columns max(sys_eventtime) - min(sys_eventtime) as duration
  Displays grouped results based on the transaction durations. "as" provides an alias for the expression that is used as the column name.

Aggregation Functions

Function(*): Applies the function to every event with no additional constraints.
All: Applies the function to all values that are not null.
Distinct: Applies the function once per distinct value.
Sum: The total value.
Avg: The average value.
Max: The maximum value.
Var: The variance.
Stdev: The standard deviation.
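To make the search semantics above concrete, here is an added example (my own code, not LogLogic Unity's) that evaluates several of the listed Filter Blok expressions over constructed events. The event dicts, the LIKE translation, the relative time window, the case-insensitive text search and the group-by aggregation are my approximation of what the reference describes, not the product's implementation.

```python
"""Evaluate a few of the quick-reference search examples over constructed
events.  Added example, not LogLogic Unity code: the event dicts, the LIKE
translation, the relative time window and the group-by aggregation are my
own approximation of the semantics the reference describes."""
import re
from datetime import datetime, timezone


def ms(stamp):
    """Constructed helper: UTC 'YYYY-MM-DD HH:MM:SS' to epoch milliseconds,
    the unit the column table gives for sys_eventtime."""
    dt = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp() * 1000)


# Constructed sample events using the sys_ system columns plus two parsed columns.
EVENTS = [
    {"sys_eventtime": ms("2016-01-05 10:00:00"), "sys_body": "user bob logged in",
     "devtype": "Windows", "transactionid": "t1"},
    {"sys_eventtime": ms("2016-01-05 10:00:07"), "sys_body": "user bob opened file",
     "devtype": "Windows", "transactionid": "t1"},
    {"sys_eventtime": ms("2016-01-05 10:01:00"), "sys_body": "Deny tcp src 10.0.0.5 dst 10.0.0.9",
     "devtype": "Cisco PIX", "transactionid": "t2"},
    {"sys_eventtime": ms("2016-01-05 10:02:30"), "sys_body": "user alice logged in",
     "devtype": "Linux", "transactionid": "t3"},
]


def like(value, pattern):
    """LIKE as the reference describes it: % matches any characters (taken here
    as zero or more, the usual SQL reading), _ exactly one; all else literal."""
    regex = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None


def text_search(events, term):
    """The bare "bob" example: body contains the term (assumed case-insensitive,
    since the reference reads the "bob" query as finding Bob in the text)."""
    return [e for e in events if term.lower() in e["sys_body"].lower()]


def in_set(events, column, values):
    """devtype in ('Windows', 'Cisco PIX')"""
    return [e for e in events if e.get(column) in values]


def in_relative_window(events, amount, unit, now_ms):
    """sys_eventtime in -1h: keep events from the last <amount><unit> before
    now_ms, with the d/h/m/s units the rule grammar uses."""
    factor = {"d": 86400, "h": 3600, "m": 60, "s": 1}[unit]
    start = now_ms - amount * factor * 1000
    return [e for e in events if start <= e["sys_eventtime"] <= now_ms]


def sort_limit(events, column, descending=True, limit=100):
    """sort by <column> DESC LIMIT <n>"""
    return sorted(events, key=lambda e: e[column], reverse=descending)[:limit]


def group_by(events, key, columns):
    """GROUP BY <key> COLUMNS <aggregations>: columns maps an output alias to a
    function over the list of events in each group."""
    groups = {}
    for e in events:
        groups.setdefault(e.get(key), []).append(e)
    return {k: {alias: fn(rows) for alias, fn in columns.items()}
            for k, rows in groups.items()}


def count_per_transaction(events):
    """group by transactionid columns COUNT()"""
    return group_by(events, "transactionid", {"COUNT()": len})


def duration_per_transaction(events):
    """group by transactionid columns max(sys_eventtime) - min(sys_eventtime) as duration"""
    return group_by(events, "transactionid", {
        "duration": lambda rows: (max(r["sys_eventtime"] for r in rows)
                                  - min(r["sys_eventtime"] for r in rows))})


def bob_on_windows_or_pix(events):
    """ "bob" and devtype in ('Windows', 'Cisco PIX') sort by sys_eventtime DESC LIMIT 100 """
    hits = in_set(text_search(events, "bob"), "devtype", {"Windows", "Cisco PIX"})
    return sort_limit(hits, "sys_eventtime")


if __name__ == "__main__":
    for row in bob_on_windows_or_pix(EVENTS):
        print(row["sys_eventtime"], row["sys_body"])
    print(duration_per_transaction(EVENTS))
```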

Correlation Bloks

Functions (name (arguments): returns)

String functions
len / char_length / character_length (String): Length of string argument 1.
lower (String): Lower case of string 1.
upper (String): Upper case of string 1.
trim (String): Trimmed string 1 (without leading and trailing spaces).
substitute (String 1, String 2, String 3): Substitutes string 2 by string 3 in string 1.
left (String, Int): The <int> leftmost characters of string 1.
right (String, Int): The <int> rightmost characters of string 1.
mid / substr / substring (String, Int 1, Int 2): Characters from string 1 starting at offset <int1> for a length of <int2>.
find / position (String, String): Index of the first occurrence of string 2 within string 1, -1 if no occurrence is found.
concatenate (String, String, ...): Concatenation of all strings passed as arguments.

List functions
size (List): Size of the list.

Conditional functions
IIF (Condition, then, else): Returns the then value if the condition holds, otherwise returns the else value.

Smart List functions
lookup (String 1, String 2): The value associated with String 2 in the smart list named String 1.
isinlist (String 1, String 2): True if the value String 2 is defined in the smart list named String 1.

Conversion functions
ToTimestamp (expression, formatstring [, default]): The expression, which should evaluate to a string, is interpreted as a time according to the supplied formatstring. If the conversion fails, null is returned, unless a default string is provided, which is interpreted as a time and returned.
ToIP (expression, formatstring [, default]): Same as ToTimestamp, except the conversion is to an IP address (Java InetAddress).
ToTimestampString (expression, formatstring [, default]): Same as ToTimestamp, except the conversion is in the opposite direction, producing a printable timestamp.
ToInt (expression [, default]): The obvious conversion to Integer, with the default value taken if not convertible.
ToLong (expression [, default]): The obvious conversion to Long, with the default value taken if not convertible.
ToString (expression [, default]): The obvious conversion to String, with the default value taken if not convertible.
ToFloat (expression [, default]): The obvious conversion to Float, with the default value taken if not convertible.
ToBool (expression [, default]): The obvious conversion to Boolean, with the default value taken if not convertible.
ToDouble (expression [, default]): The obvious conversion to Double, with the default value taken if not convertible.

Columns

The system (event metadata) columns are indexed, so searching is faster on the system columns. All system columns are displayed with the prefix sys_, and all built-in parsers are displayed with the prefix ll_ in the column list. The following list describes all system columns in the LogLogic Unity event (name (type): description).

sys_eventtime (Timestamp): UTC time of the event in Epoch milliseconds.
sys_body (String): Text of the message.
sys_bodysize (Integer): Size of the body in bytes.
sys_sourcetype (Integer): TIBCO LogLogic Log Management Intelligence (LMI) type ID.
sys_collectip (InetAddress): IP from where the event originated.
sys_collecttime (Timestamp): UTC time at which the event was ingested into the LogLogic Unity event storage.
sys_filename (String): File name for an event collected from a file.
sys_filelinenumber (Integer): Line number in the file.
sys_tenant (String): Customer identifier.
sys_domain (String): Customer sub-identifier.
sys_partition (Long): Identifier of the portion of the data on the data node.
sys_offset (Long): Location in the LogLogic Unity event store.
sys_eventkey (String): Unique key that refers to an event in the LogLogic Unity store.
sys_lmieventkey (String): Unique key that refers to an event in the LogLogic LMI event store.
sys_applianceid (String): Identifier for the LMI appliance.
sys_lmidomain (Integer, String): LMI Domain is a component of the LMI device (source) identifier.
sys_sourcedns (String): DNS name for the event_source_ip.

Rule Structure

Statement: Rule Structure
  USE <source identifier> (, <source identifier>)*
  Within <integer> [ d | h | m | s ] [ Fixed | Sliding ]
  <event group 1> <event group 2> ...
  [ Correlation <correlation criteria 1> <correlation criteria 2> ... ]
  [ Autofill ]
  ( Set <expression> As <identifier> )*
  [ Inject Correlation Event ]
  [ LIMIT <integer> CORRELATION EVENTS ]

Event group structure
  Event Group <identifier>
  [ Is ( Required | Optional | Excluded ) ]
  [ With Delayed Evaluation ]
  [ At Least <integer> Events ]
  [ At Most <integer> Events ]
  [ <identifier environment> ]
  [ Where <expression> ]
  [ With The Same <expression> [ As <identifier> ] (, <expression> [ As <identifier> ] )* ]
  ( Having <having clause> )*
  [ Limits <integer> Groups And <integer> Events ]

Having Clause (one of)
  At ( Least | Most ) <integer> Distinct <expression> As <identifier> Limit <integer>
  Count Of <expression> Being <expression> ( Greater | Lower ) Than <integer>
  Percentage Of <expression> Being <expression> ( Greater | Lower ) Than <integer>%
  <condition>

Correlation Criteria (one of)
  <event_group_identifier1>><field_identifier1> == <event_group_identifier2>><field_identifier2>
  <event_group_identifier1> ( Begins | Ends ) [ At Least <integer> [ d | h | m | s ] ] [ Up To <integer> [ d | h | m | s ] ] ( Before | After ) <event_group_identifier2> ( Begins | Ends )

Search Examples (Correlation Blok)

Each example gives the Correlation Blok text followed by what it does. Some numbers and keywords did not survive the transcription and are left as they appear.

Use system Event Group [My Events]
  This rule triggers a new alert at the first event and accumulates all events during a 30 minute time period.
Use my source Event Group [My Events] Operation limit 1000 Direction limit 1000
  This rule does the same as rule 1, but the alerts generated also give information about the number of distinct operations/directions and their values.
Use MySource Event Group [Builts] where Operation = "Built" and Direction = "outbound" [Source IP] limit 1000
  This rule filters events whose Operation equals Built and Direction equals outbound, and gives the count of distinct source IPs and their values up to (value missing in the transcription).
Use MySource Event Group [Builts] At least 41 events where Operation = "Built" and Direction = "outbound" With the same [Source IP] [Destination IP] limit 1000
  This rule looks for at least 41 events with the same criteria as the previous one, coming from the same Source IP, and gives information about the number of distinct Destination IPs and their values up to (value missing in the transcription).
Use MySource Event Group [DenyAndBuilt] where Operation = "Deny" OR Operation = "Built" With the same [Source IP] Having at least 2 distinct [Operation] limit 1000
  This rule looks for a Source IP which has events from at least 2 distinct operations.

Hillview Avenue, Palo Alto, CA. Copyright TIBCO Software Inc. ALL RIGHTS RESERVED.
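The following added example (my own code, not LogLogic Unity's) shows how the Within / Event Group / Where / With The Same / At Least / Having At Least N Distinct constructs above combine into a detection, by evaluating the [DenyAndBuilt] and [Builts] examples over constructed firewall-style events. The rule representation, the sliding-window matching and the event field names are my assumptions; the 41-event threshold of the reference is lowered to 2 so that the small sample can trigger it.

```python
"""Windowed evaluation of the quick-reference correlation examples.
Added example, not LogLogic Unity code: the events, the rule representation
and the matching logic are my own approximation of the semantics the
reference describes (Within, Event Group, Where, With The Same, At Least,
Having At Least N Distinct)."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Event = Dict[str, object]


@dataclass
class EventGroup:
    name: str
    where: Callable[[Event], bool] = lambda e: True          # Where <expression>
    with_the_same: List[str] = field(default_factory=list)  # With The Same [f1] [f2]
    at_least_events: int = 1                                 # At Least <n> Events
    having_distinct: Optional[Tuple[int, str]] = None        # Having At Least <n> Distinct [field]


@dataclass
class Rule:
    within_seconds: int   # Within <integer> [d|h|m|s], here Sliding
    group: EventGroup


def evaluate(rule: Rule, events: List[Event]) -> List[dict]:
    """Return one correlation event per With-The-Same key whose events inside
    a sliding window of rule.within_seconds satisfy the group's constraints.
    Events carry sys_eventtime in epoch milliseconds, as the column table says."""
    matching = sorted((e for e in events if rule.group.where(e)),
                      key=lambda e: e["sys_eventtime"])
    by_key = defaultdict(list)
    for e in matching:
        by_key[tuple(e.get(f) for f in rule.group.with_the_same)].append(e)
    alerts = []
    span_ms = rule.within_seconds * 1000
    for key, rows in by_key.items():
        for i, first in enumerate(rows):   # slide the window start over the key's events
            window = [r for r in rows[i:] if r["sys_eventtime"] - first["sys_eventtime"] <= span_ms]
            if len(window) < rule.group.at_least_events:
                continue
            distinct = set()
            if rule.group.having_distinct:
                n, fld = rule.group.having_distinct
                distinct = {r.get(fld) for r in window}
                if len(distinct) < n:
                    continue
            alerts.append({"group": rule.group.name,
                           "key": dict(zip(rule.group.with_the_same, key)),
                           "events": len(window),
                           "distinct": sorted(distinct)})
            break   # one correlation event per key; later windows would repeat it
    return alerts


def ms(minute):
    """Constructed helper: minutes after an arbitrary origin, in milliseconds."""
    return minute * 60 * 1000


# Constructed sample events with the parsed columns the reference's examples use.
EVENTS = [
    {"sys_eventtime": ms(0),  "Operation": "Deny",     "Direction": "inbound",  "Source IP": "10.0.0.5", "Destination IP": "10.0.1.1"},
    {"sys_eventtime": ms(5),  "Operation": "Built",    "Direction": "outbound", "Source IP": "10.0.0.5", "Destination IP": "10.0.1.2"},
    {"sys_eventtime": ms(10), "Operation": "Built",    "Direction": "outbound", "Source IP": "10.0.0.5", "Destination IP": "10.0.1.4"},
    {"sys_eventtime": ms(3),  "Operation": "Teardown", "Direction": "outbound", "Source IP": "10.0.0.5", "Destination IP": "10.0.1.2"},
    {"sys_eventtime": ms(1),  "Operation": "Deny",     "Direction": "inbound",  "Source IP": "10.0.0.7", "Destination IP": "10.0.1.1"},
    {"sys_eventtime": ms(2),  "Operation": "Deny",     "Direction": "inbound",  "Source IP": "10.0.0.7", "Destination IP": "10.0.1.3"},
    {"sys_eventtime": ms(0),  "Operation": "Deny",     "Direction": "inbound",  "Source IP": "10.0.0.9", "Destination IP": "10.0.1.1"},
    {"sys_eventtime": ms(60), "Operation": "Built",    "Direction": "outbound", "Source IP": "10.0.0.9", "Destination IP": "10.0.1.2"},
]

# Event Group [DenyAndBuilt] where Operation = "Deny" OR Operation = "Built"
# With the same [Source IP] Having at least 2 distinct [Operation], over the
# 30 minute period the reference's first example mentions.
DENY_AND_BUILT = Rule(within_seconds=30 * 60, group=EventGroup(
    name="DenyAndBuilt",
    where=lambda e: e["Operation"] in ("Deny", "Built"),
    with_the_same=["Source IP"],
    having_distinct=(2, "Operation")))

# Event Group [Builts] At least N events where Operation = "Built" and
# Direction = "outbound" With the same [Source IP], reporting distinct
# [Destination IP]s; N is 2 here instead of the reference's 41 (assumption).
BUILTS = Rule(within_seconds=30 * 60, group=EventGroup(
    name="Builts",
    where=lambda e: e["Operation"] == "Built" and e["Direction"] == "outbound",
    with_the_same=["Source IP"],
    at_least_events=2,
    having_distinct=(1, "Destination IP")))


def deny_and_built_alerts():
    return evaluate(DENY_AND_BUILT, EVENTS)


def builts_alerts():
    return evaluate(BUILTS, EVENTS)


if __name__ == "__main__":
    print(deny_and_built_alerts())   # 10.0.0.5 only: 10.0.0.9's Built is outside the 30 min window
    print(builts_alerts())
```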

Log Sources

LogLogic Unity supports message body text search for all of the log sources supported by LogLogic LMI, and also supports advanced searching of source-specific parsed columns for the following sources via the General Parser. For details, see the TIBCO LogLogic Log Source Packages documentation. Note that not all event types supported by LogLogic LMI may be supported by LogLogic Unity.

The original table pairs each log source with a device category; the pairing did not survive the transcription, so the sources and the categories they use are listed separately.

Log sources:
Microsoft Active Directory Service (ADS)
Apache Web Server
Blue Coat ProxySG Syslog
BMC Remedy Action Request (AR)
CA SiteMinder Access Management
Check Point (CP Audit)
Cisco ASA Adaptive Security Appliance
Cisco ACS for Windows
Cisco Content Engine
Cisco ESA
Cisco Firewall Services Module (FWSM)
Cisco IOS
Cisco IPS
Cisco Identity Services Engine (ISE)
Cisco NetFlow
Cisco (Nexus) NX-OS
Cisco Secure ACS
Cisco Web Security Appliance (WSA)
Fortinet (FortiOS)
F5 BIG-IP Traffic Management Operating System (TMOS)
General Unix
Guardium SQL Guard
Guardium SQL Guard Audit
HP NonStop
HP-UX Operating System Audit
IBM AIX Audit
IBM AIX Operating System
IBM DB2 Universal Database (UDB)
IBM Resource Access Control Facility (RACF)

Device categories used: Active Directory, Apache Web Server, WebProxy, BMC Remedy ARS, UTM, Content Engine, Mail Security, /VPN, Router & Switches, IPS, Router Switch, Web Security, LoadBalancer, DB, IDS/IPS, Audit.

Log Sources (continued)

Log sources:
IBM ISS SiteProtector
Juniper IDP
Juniper RT_Flow
Juniper SSL VPN Secure Access
Juniper (JunOS)
LogLogic Appliance
LogLogic Security Manager
McAfee ePolicy Orchestrator
McAfee G2 Sidewinder
Microsoft DHCP
Microsoft Office SharePoint Server
Microsoft Operations Manager
Microsoft Internet Authentication Service (IAS)
Microsoft SQL Server
Microsoft
Microsoft (French)
Microsoft (German)
Microsoft (Japanese)
MySQL Server GDBC
NetApp Decru DataFort
NetApp Filer
Novell eDirectory
Oracle Server
General Collector for Oracle
Palo Alto Networks PAN-OS
RSA ACE/Server
Reuters KondorPlus
Snort
Sourcefire Sensor
Sourcefire Defense Center
Squid2
Sun Solaris Basic Security Module (BSM)
Sybase Adaptive Server Enterprise (ASE)
Symantec
Symantec SEP
TIBCO ActiveMatrix Administrator
TIBCO ActiveMatrix BPM
TIBCO ActiveMatrix BusinessWorks
TIBCO Administrator
TIBCO API Exchange Gateway Server
TIBCO Hawk Agent
TIBCO Enterprise Message Service Collector (EMSC)
TrendMicro Control Manager
TrendMicro OfficeScan
Tripwire for Server
VMware ESX Server
VMware vCenter
VMware vCenter Orchestrator
VMware vCloud Director
VMware vShield Edge

Device categories used: IPS, IDS/IPS, VPN, UTM, /VPN, Microsoft DHCP, Application, Content Management, Decru DataFort, NetApp Filer, NetApp Filer Audit, LDAP Directory Service, Intrusion Detection, Blue Coat, Sun Solaris Operating System BSM, EMS, Tripwire Management Station, Hypervisor, Automation Server.


More information

TORNADO Solution for Telecom Vertical

TORNADO Solution for Telecom Vertical BIG DATA ANALYTICS & REPORTING TORNADO Solution for Telecom Vertical Overview Last decade has see a rapid growth in wireless and mobile devices such as smart- phones, tablets and netbook is becoming very

More information

User Identification (User-ID) Tips and Best Practices

User Identification (User-ID) Tips and Best Practices User Identification (User-ID) Tips and Best Practices Nick Piagentini Palo Alto Networks www.paloaltonetworks.com Table of Contents PAN-OS 4.0 User ID Functions... 3 User / Group Enumeration... 3 Using

More information

Advanced Service Design

Advanced Service Design vcloud Automation Center 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

DBMS / Business Intelligence, SQL Server

DBMS / Business Intelligence, SQL Server DBMS / Business Intelligence, SQL Server Orsys, with 30 years of experience, is providing high quality, independant State of the Art seminars and hands-on courses corresponding to the needs of IT professionals.

More information

Installing and Administering VMware vsphere Update Manager

Installing and Administering VMware vsphere Update Manager Installing and Administering VMware vsphere Update Manager Update 1 vsphere Update Manager 5.1 This document supports the version of each product listed and supports all subsequent versions until the document

More information

End Your Data Center Logging Chaos with VMware vcenter Log Insight

End Your Data Center Logging Chaos with VMware vcenter Log Insight End Your Data Center Logging Chaos with VMware vcenter Log Insight By David Davis, vexpert WHITE PAPER Table of Contents Deploying vcenter Log Insight... 4 vcenter Log Insight Usage Model.... 5 How vcenter

More information

User-ID Best Practices

User-ID Best Practices User-ID Best Practices PAN-OS 5.0, 5.1, 6.0 Revision A 2011, Palo Alto Networks, Inc. www.paloaltonetworks.com Table of Contents PAN-OS User-ID Functions... 3 User / Group Enumeration... 3 Using LDAP Servers

More information

Monitoring Remote Access VPN Services

Monitoring Remote Access VPN Services CHAPTER 5 A remote access service (RAS) VPN secures connections for remote users, such as mobile users or telecommuters. RAS VPN monitoring provides all of the most important indicators of cluster, concentrator,

More information

syslog-ng Store Box PRODUCT DESCRIPTION Copyright 2000-2009 BalaBit IT Security All rights reserved. www.balabit.com

syslog-ng Store Box PRODUCT DESCRIPTION Copyright 2000-2009 BalaBit IT Security All rights reserved. www.balabit.com syslog-ng Store Box PRODUCT DESCRIPTION Copyright 2000-2009 BalaBit IT Security All rights reserved. www.balabit.com Introduction Log messages contain information about the events happening on the hosts.

More information

Enterprise SysLog Manager (ESM)

Enterprise SysLog Manager (ESM) Enterprise SysLog Manager (ESM) ESM is a managed network security appliance (scalable HP server) with database for the collection, management and reporting of syslog messages, from critical hosts and network

More information

Frequently Asked Questions. Secure Log Manager. Last Update: 6/25/01. 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.

Frequently Asked Questions. Secure Log Manager. Last Update: 6/25/01. 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236. Frequently Asked Questions Secure Log Manager Last Update: 6/25/01 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 1. What is Secure Log Manager? Secure Log Manager (SLM) is designed

More information

SapphireIMS 4.0 BSM Feature Specification

SapphireIMS 4.0 BSM Feature Specification SapphireIMS 4.0 BSM Feature Specification v1.4 All rights reserved. COPYRIGHT NOTICE AND DISCLAIMER No parts of this document may be reproduced in any form without the express written permission of Tecknodreams

More information

OnCommand Unified Manager

OnCommand Unified Manager OnCommand Unified Manager Operations Manager Administration Guide For Use with Core Package 5.2 NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1(408) 822-6000 Fax: +1(408) 822-4501

More information

Palo Alto Networks. Security Models in the Software Defined Data Center

Palo Alto Networks. Security Models in the Software Defined Data Center Palo Alto Networks Security Models in the Software Defined Data Center Christer Swartz Palo Alto Networks CCIE #2894 Network Overlay Boundaries & Security Traditionally, all Network Overlay or Tunneling

More information

The syslog-ng Store Box 3 LTS

The syslog-ng Store Box 3 LTS The syslog-ng Store Box 3 LTS PRODUCT DESCRIPTION Copyright 2000-2012 BalaBit IT Security All rights reserved. www.balabit.com Introduction The syslog-ng Store Box (SSB) is a high-reliability and high-performance

More information

Migrating to vcloud Automation Center 6.1

Migrating to vcloud Automation Center 6.1 Migrating to vcloud Automation Center 6.1 vcloud Automation Center 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a

More information

John Smith Prattville, AL career@hashbangsecurity.com

John Smith Prattville, AL career@hashbangsecurity.com John Smith Prattville, AL career@hashbangsecurity.com Career Objective I am a certified and skilled senior security and UNIX systems administrator with over twenty years of experience. I am seeking a position

More information

Effective Use of Security Event Correlation

Effective Use of Security Event Correlation Effective Use of Security Event Correlation Mark G. Clancy Chief Information Security Officer The Depository Trust & Clearing Corporation DTCC Non-Confidential (White) About DTCC DTCC provides custody

More information

Developing Microsoft SharePoint Server 2013 Advanced Solutions MOC 20489

Developing Microsoft SharePoint Server 2013 Advanced Solutions MOC 20489 Developing Microsoft SharePoint Server 2013 Advanced Solutions MOC 20489 Course Outline Module 1: Creating Robust and Efficient Apps for SharePoint In this module, you will review key aspects of the apps

More information

HP Intelligent Management Center Enterprise Software. Platform. Key features. Data sheet

HP Intelligent Management Center Enterprise Software. Platform. Key features. Data sheet Data sheet HP Intelligent Management Center Enterprise Software Platform Key features Highly flexible and scalable deployment options Powerful administration control Rich resource management Detailed performance

More information

XpoLog Center Suite Data Sheet

XpoLog Center Suite Data Sheet XpoLog Center Suite Data Sheet General XpoLog is a data analysis and management platform for Applications IT data. Business applications rely on a dynamic heterogeneous applications infrastructure, such

More information

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security SIEM Optimization 101 ReliaQuest E-Book Fully Integrated and Optimized IT Security Introduction SIEM solutions are effective security measures that mitigate security breaches and increase the awareness

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Access Management Analysis of some available solutions

Access Management Analysis of some available solutions Access Management Analysis of some available solutions Enterprise Security & Risk Management May 2015 Authors: Yogesh Kumar Sharma, Kinshuk De, Dr. Sundeep Oberoi Access Management - Analysis of some available

More information

vsphere Upgrade Update 1 ESXi 6.0 vcenter Server 6.0 EN-001804-02

vsphere Upgrade Update 1 ESXi 6.0 vcenter Server 6.0 EN-001804-02 Update 1 ESXi 6.0 vcenter Server 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent

More information

XpoLog Competitive Comparison Sheet

XpoLog Competitive Comparison Sheet XpoLog Competitive Comparison Sheet New frontier in big log data analysis and application intelligence Technical white paper May 2015 XpoLog, a data analysis and management platform for applications' IT

More information

Heroix Longitude Quick Start Guide V7.1

Heroix Longitude Quick Start Guide V7.1 Heroix Longitude Quick Start Guide V7.1 Copyright 2011 Heroix 165 Bay State Drive Braintree, MA 02184 Tel: 800-229-6500 / 781-848-1701 Fax: 781-843-3472 Email: support@heroix.com Notice Heroix provides

More information

MANAGED SERVICES. Remote Monitoring. Contact US: 800.677.1919 info@millenniuminc.com millenniuminc.com

MANAGED SERVICES. Remote Monitoring. Contact US: 800.677.1919 info@millenniuminc.com millenniuminc.com MANAGED SERVICES Remote Monitoring A N D Ma n a g e m e n t D O C U MENTATION AND Services Gu i d e Contact US: 800.677.1919 info@millenniuminc.com millenniuminc.com ABOUT RMM SERVICES Millennium s RMM

More information

Hayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks

Hayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks EXTENDING ACCESS WHILE ENHANCING CONTROL FOR YOUR ORGANIZATION S DATA LEVERAGE THE POWER OF F5 AND ORACLE TO DELIVER SECURE ACCESS TO APPLICATIONS AND DATABASES Hayri Tarhan, Sr. Manager, Public Sector

More information

HawkEye AP Log Adapter List Updated January 2016

HawkEye AP Log Adapter List Updated January 2016 HawkEye AP Log Adapter List Updated January 2016 Firewalls / VPN Aventail SSL VPN * Check Point Firewall-1 fwexport * Check Point Firewall-1 LEA Check Point VPN-1 * Cisco ASA (via SyslogNG) Cisco FWSM

More information

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred DETECT All changes across your IT environment With coverage for your servers, network devices, critical workstations, point of sale systems, and more, CimTrak has your infrastructure covered. CimTrak provides

More information

Virtualization Journey Stages

Virtualization Journey Stages Deep Security 7.5 Todd Thiemann Sr. Dir. of Datacenter Security Marketing Trend Micro Harish Agastya Director of Datacenter Security Marketing Trend Micro Classification 11/12/2010 1 Virtualization Journey

More information

Reference Guide. Skybox View 7.0.600. Revision: 11

Reference Guide. Skybox View 7.0.600. Revision: 11 Reference Guide Skybox View 7.0.600 Revision: 11 Copyright 2002-2014 Skybox Security, Inc. All rights reserved. This documentation contains proprietary information belonging to Skybox Security and is provided

More information

ACE Management Server Deployment Guide VMware ACE 2.0

ACE Management Server Deployment Guide VMware ACE 2.0 Technical Note ACE Management Server Deployment Guide VMware ACE 2.0 This technical note provides guidelines for the deployment of VMware ACE Management Servers, including capacity planning and best practices.

More information

Big Data for Satellite Business Intelligence

Big Data for Satellite Business Intelligence Big Data for Satellite Business Intelligence GSAW 2015 Loic COULET, Kratos ISE 2015 by Kratos ISE. Published by The Aerospace Corporation with permission. Who s talking? Computer Science Passionate Kratos

More information

Product Guide Revision A. McAfee Web Reporter 5.2.1

Product Guide Revision A. McAfee Web Reporter 5.2.1 Product Guide Revision A McAfee Web Reporter 5.2.1 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

Required Software Product List

Required Software Product List Symantec ($3.2 million, 35% weight) AdVantage AdvisorMail AntiVirus (Endpoint Protection) AntiVirus Enterprise Edition App Center Application HA Asset Management Suite Backup Exec Certificate Intelligence

More information

Mobile Secure Desktop Maximum Scalability, Security and Availability for View with F5 Networks HOW-TO GUIDE

Mobile Secure Desktop Maximum Scalability, Security and Availability for View with F5 Networks HOW-TO GUIDE Mobile Secure Desktop Maximum Scalability, Security and Availability for View with F5 Networks HOW-TO GUIDE Solution Overview The VMware View Mobile Secure Desktop solution is a powerful architecture intended

More information

vrealize Automation Load Balancing

vrealize Automation Load Balancing vrealize Automation Load Balancing Configuration Guide Version 6.2 T E C H N I C A L W H I T E P A P E R A U G U S T 2 0 1 5 V E R S I O N 1. 0 Table of Contents Introduction... 4 Load Balancing Concepts...

More information

TIBCO LogLogic Log Management Intelligence (LMI) Release Notes

TIBCO LogLogic Log Management Intelligence (LMI) Release Notes TIBCO LogLogic Log Management Intelligence (LMI) Software Release 5.6.0 March 2015 Two-Second Advantage Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED

More information

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices The Payment Card Industry (PCI) Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process. The Payment Application Data Security Standard

More information

Quest InTrust. Version 8.0. What's New. Active Directory Exchange Windows

Quest InTrust. Version 8.0. What's New. Active Directory Exchange Windows Quest InTrust Version 8.0 What's New Active Directory Exchange Windows Abstract This document describes the new features and capabilities of Quest InTrust 8.0. Copyright 2004 Quest Software, Inc. and Quest

More information

ManageEngine (division of ZOHO Corporation) www.manageengine.com. Infrastructure Management Solution (IMS)

ManageEngine (division of ZOHO Corporation) www.manageengine.com. Infrastructure Management Solution (IMS) ManageEngine (division of ZOHO Corporation) www.manageengine.com Infrastructure Management Solution (IMS) Contents Primer on IM (Infrastructure Management)... 3 What is Infrastructure Management?... 3

More information

Using the vcenter Orchestrator Plug-In for Microsoft Active Directory

Using the vcenter Orchestrator Plug-In for Microsoft Active Directory Using the vcenter Orchestrator Plug-In for Microsoft Active Directory vcenter Orchestrator 4.1 This document supports the version of each product listed and supports all subsequent versions until the document

More information

SolarWinds Log & Event Manager

SolarWinds Log & Event Manager Corona Technical Services SolarWinds Log & Event Manager Training Project/Implementation Outline James Kluza 14 Table of Contents Overview... 3 Example Project Schedule... 3 Pre-engagement Checklist...

More information

Panorama PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls.

Panorama PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls. provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls. View a graphical summary of the applications on the network, the respective users, and

More information

XenServer Virtual Machine metrics

XenServer Virtual Machine metrics 1 de 7 21/11/13 13:31 Tour (/tour/) How it Works /how-it-works/) Pricing (/pricing/) Customers (/testimonials/) WHAT WE MONITOR Application Monitoring /) Java Monitoring Tomcat monitoring Zookeeper Monitoring

More information

Palo Alto Networks User-ID Services. Unified Visitor Management

Palo Alto Networks User-ID Services. Unified Visitor Management Palo Alto Networks User-ID Services Unified Visitor Management Copyright 2011 Aruba Networks, Inc. Aruba Networks trademarks include Airwave, Aruba Networks, Aruba Wireless Networks, the registered Aruba

More information

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide

More information

HP A-IMC Firewall Manager

HP A-IMC Firewall Manager HP A-IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW101-20110805 Legal and notice information Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this

More information