ISMAC allows you to collect logs of many types and formats from across the enterprise network.
Log management is about more than collecting and storing logs. ISMAC helps you understand what your data means. We specialize in normalizing log and machine data and identifying actionable insights so you can protect your network and automate compliance, threat detection, and incident response.
Log Event Correlation
How can you know if something is potentially harmful?
Our Event Correlation tools take data from applications and host logs and analyze the data to identify patterns.
Correlation and root-cause analysis are essential for any IT team that needs to monitor the network properly. With ISMAC, any IT staff member can be quickly trained to identify relevant events and create their own alerts for them.
EVENT CORRELATION USE CASES AND TECHNIQUES
In essence, event correlation is a technique that connects various events into identifiable patterns. If those patterns show potential security threats, then an action is required. Event correlation can also be performed in real time.
Some use cases of Event Correlation include:
- Threat Intelligence
- Threat Detection
- Security Operations Support
- Case Management analysis
- Fraud detection
Use Cases of Event Correlation
Monitoring individual events is not enough; you also want automated processes that can work out the relationships between complex events. Intrusion detection is one example of where event correlation applies.
Let’s say an employee hasn’t accessed her account in months, and suddenly a large number of login attempts against it are observed. That account may then start executing suspicious commands. Through ISMAC, an alert indicating that an attack is in progress is automatically sent to the Security Operations Centre (SOC) team.
What if among the thousands of login attempts, one was successful? Correlation then comes into play by marking this event as “curious.”
The engine may then notice that 30 minutes earlier, several ports were scanned, and that the IP address of the port scan and of the login attempts is the same. This is where context is added to the correlation engine.
The event is then marked with an elevated level of concern. Out of thousands of events, these few specific ones have been related to each other; in practice, the same thing happens among millions of events.
If you try to do this job manually and without Artificial Intelligence (AI), this job would rely more on luck than on hard work, because the amount of information to be correlated is simply too large to be handled by humans effectively.
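As an added illustration (not ISMAC code, and not part of the original page), the following Python routine applies the rules of the scenario above to constructed log events: a dormant account, a burst of failed logins followed by one success, and a port scan from the same source IP shortly before. The event format, the thresholds and the look-back windows are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): a dormant account hit by a login
# burst, one success, and a port scan from the same source 30 minutes earlier.
BASE = datetime(2024, 1, 15, 9, 0)
EVENTS = [
    {"ts": BASE - timedelta(minutes=30), "type": "port_scan", "src_ip": "203.0.113.7", "user": None},
    *[{"ts": BASE + timedelta(seconds=i), "type": "login_failed", "src_ip": "203.0.113.7", "user": "jdoe"}
      for i in range(50)],
    {"ts": BASE + timedelta(seconds=50), "type": "login_success", "src_ip": "203.0.113.7", "user": "jdoe"},
]
# Last known successful login per account (constructed): jdoe has been dormant for months.
LAST_LOGIN = {"jdoe": BASE - timedelta(days=120), "asmith": BASE - timedelta(days=1)}

DORMANT_DAYS = 90                    # assumed: no login for this long counts as dormant
BURST_THRESHOLD = 20                 # assumed: this many failures before a success is a burst
BURST_WINDOW = timedelta(hours=1)    # assumed: failures must fall within this window
SCAN_WINDOW = timedelta(hours=1)     # assumed: how far back to look for a port scan


def correlate(events, last_login):
    """Return alerts (user, src_ip, severity, reasons) for suspicious successful logins."""
    alerts = []
    events = sorted(events, key=lambda e: e["ts"])
    for idx, ev in enumerate(events):
        if ev["type"] != "login_success":
            continue
        user, ip, reasons = ev["user"], ev["src_ip"], []
        earlier = events[:idx]
        # Rule 1: the account had not been used for months before this success.
        last = last_login.get(user)
        if last is None or (ev["ts"] - last).days >= DORMANT_DAYS:
            reasons.append("dormant account")
        # Rule 2: a burst of failed logins against the same account just before the success.
        failures = [e for e in earlier if e["type"] == "login_failed" and e["user"] == user
                    and ev["ts"] - e["ts"] <= BURST_WINDOW]
        if len(failures) >= BURST_THRESHOLD:
            reasons.append(f"{len(failures)} failed logins before success")
        if len(reasons) < 2:
            continue  # a lone success, or a burst against an active account, is not "curious" here
        severity = "curious"
        # Rule 3 (context): the same source IP scanned ports shortly before the login burst.
        scans = [e for e in earlier if e["type"] == "port_scan" and e["src_ip"] == ip
                 and ev["ts"] - e["ts"] <= SCAN_WINDOW]
        if scans:
            reasons.append("port scan from the same IP within the look-back window")
            severity = "elevated"
        alerts.append({"user": user, "src_ip": ip, "severity": severity, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS, LAST_LOGIN):
        print(alert)
```

Dropping the port-scan context (or moving it to another IP) leaves the same success marked only as "curious", which is the distinction the scenario draws between the single event and the correlated pattern.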