SIEM Ease-of-Use and Indicators: Describing the Spread of Data
Dr. Ertuğrul AKBAŞ
www.anetyazilim.com.tr
Ease-of-use and big data define the next-generation SIEM solution. Ease-of-use and simplified management are the key specifications for a successful SIEM solution.
The ANET SureLog SIEM solution has a very intuitive and easy-to-use GUI. A SIEM needs to be easy enough to use that it does not require a large team of people to maintain it. A GUI's primary purpose is to make an end user's job easier. Working with Views and Dashboards via drag&drop is supported by ANET SureLog, which is an integrated Log Management & SIEM solution.
Figure 1. SureLog Security Dashboard
Data Representation
Network administrators need better data representation in different graphical formats, reports and dashboards. Viewing and analyzing log data graphically is preferable to looking at raw log data. Instead of spending time sifting through raw log data to gain intelligence, one glance at the graphical representation has to drive the administrator to make decisions. The dashboard is among the most critical components of an IT security solution. It is the primary interface for monitoring real-time events and for performing analysis, reporting and manipulation of stored log data. Presenting the vital information from the log message in the form of graphs and charts is essential to help administrators take timely action.
SureLog Reports and Dashboards are designed for:
- A summary status that indicates how things stand overall. Users need to be able to tell at a glance whether they should worry or not.
- Reflecting a well-understood structure of the security infrastructure.
- Supporting quick diagnosis of problems. The data presentation should point directly to the likely source of the problem.
- Simple data presentation. Real-time dashboards aren't the place for complex or advanced data visualizations.
Some advantages of SureLog:
- Build one or more dashboards with no programming, just with drag&drop support.
- Choose exactly the widgets you like.
- Choose what data sources you need.
- A large number of ready-to-use sources.
- Customize the layout with respect to the location and size of widgets.
- Create different permission levels for different people in your security team.
- Customize colors and chart types.
- Choose time frames.
Figure 2. Default Dashboard
Creating a Custom Dashboard
You will create a new dashboard utilizing the query just created along with some other useful default queries. SureLog has five options for creating a custom dashboard:
1. Select any table view from any forensic search result: while searching or filtering any event data, the final result view (tabular or graphical representation) can be added as a dashboard widget with one click.
2. Select any dynamically created toplist report from real-time log data: a toplist from real-time data can be created by clicking the header of the table view of the data. This toplist graphical view can be added as a dashboard widget with one click.
3. Select any predefined trend or statistical report from the statistical framework, which utilizes special statistical calculations. SureLog offers a rich set of pre-defined reports that help in analyzing bandwidth usage and understanding network security. You can select any report and add it as a dashboard widget with one click.
4. Create a custom query: customizable filters over any report can be used to create new dashboard widgets.
5. SQL query: an SQL query can be used to create new dashboard widgets over any data source. An SQL emulator over the big data infrastructure is available within SureLog.
Figure 3. Dashboard Creation Dialog
Building a dashboard like this enables a user to quickly drill down on points of interest.
Creating a Custom Query: SureLog also provides a wizard for creating custom queries, which can likewise be placed on a dashboard with drag&drop support. More advanced queries can be written in the SQL query language.
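To make concrete what a "toplist" widget and an SQL-backed widget compute, here is an added example that is not SureLog's code and not from the original paper. It loads a handful of constructed firewall events into an in-memory SQLite table named fw_events (a hypothetical schema chosen for this illustration; SureLog's actual table names, columns and SQL emulator are not described on the page), builds a top-N aggregation over a chosen column, and derives the at-a-glance summary status that the dashboard design goals above call for. Because the grouping column is interpolated into the SQL text, it is checked against a fixed whitelist of identifiers; only the filter value and limit go in as bound parameters.

```python
import sqlite3
from typing import List, Optional, Sequence, Tuple

# Constructed sample firewall events (not real log data):
# (timestamp, source IP, destination port, action)
SAMPLE_EVENTS: Sequence[Tuple[str, str, int, str]] = [
    ("2024-01-01T10:00:01", "10.0.0.5", 22, "deny"),
    ("2024-01-01T10:00:02", "10.0.0.5", 23, "deny"),
    ("2024-01-01T10:00:03", "10.0.0.5", 3389, "deny"),
    ("2024-01-01T10:00:04", "10.0.0.9", 443, "allow"),
    ("2024-01-01T10:00:05", "10.0.0.9", 80, "allow"),
    ("2024-01-01T10:00:06", "192.168.1.7", 445, "deny"),
    ("2024-01-01T10:00:07", "192.168.1.7", 445, "deny"),
    ("2024-01-01T10:00:08", "172.16.0.3", 53, "allow"),
]

# Columns a widget is allowed to group on. The column name is spliced into the
# SQL text (identifiers cannot be bound as parameters), so it must come from
# this fixed set rather than from free-form user input.
TOPLIST_COLUMNS = {"src_ip", "dst_port", "action"}


def load_events(events: Sequence[Tuple[str, str, int, str]]) -> sqlite3.Connection:
    """Create the hypothetical fw_events table in memory and fill it."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE fw_events (ts TEXT, src_ip TEXT, dst_port INTEGER, action TEXT)"
    )
    conn.executemany("INSERT INTO fw_events VALUES (?, ?, ?, ?)", events)
    conn.commit()
    return conn


def toplist(
    conn: sqlite3.Connection,
    column: str,
    action: Optional[str] = None,
    limit: int = 5,
) -> List[Tuple[object, int]]:
    """Top-N values of `column` by event count, optionally restricted to one action.

    Ties are broken by the column value so the result is deterministic.
    """
    if column not in TOPLIST_COLUMNS:
        raise ValueError(f"unsupported toplist column: {column!r}")
    sql = f"SELECT {column}, COUNT(*) AS hits FROM fw_events"
    params: List[object] = []
    if action is not None:
        sql += " WHERE action = ?"
        params.append(action)
    sql += f" GROUP BY {column} ORDER BY hits DESC, {column} ASC LIMIT ?"
    params.append(limit)
    return conn.execute(sql, params).fetchall()


def summary_status(conn: sqlite3.Connection, deny_threshold: int) -> str:
    """At-a-glance status: 'alert' once denied events reach the threshold, else 'ok'."""
    denies = conn.execute(
        "SELECT COUNT(*) FROM fw_events WHERE action = 'deny'"
    ).fetchone()[0]
    return "alert" if denies >= deny_threshold else "ok"


if __name__ == "__main__":
    db = load_events(SAMPLE_EVENTS)
    print("Top denied sources:", toplist(db, "src_ip", action="deny"))
    print("Top denied ports:", toplist(db, "dst_port", action="deny"))
    print("Status:", summary_status(db, deny_threshold=5))
```

The same query shape backs any "click a column header to get a toplist" widget: the header click supplies the column, the widget's filter supplies the bound value, and the limit controls how many bars or rows are drawn.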
Figure 4. Dynamically Created Toplist Report
Figure 5. Dynamically Created Toplist Report
Statistical Reports&Dashboards
SureLog offers a rich set of pre-defined reports that help in analyzing bandwidth usage and understanding network security.
The following reports are generated based on Firewall logs:
Traffic Reports
- Inbound & Outbound Traffic
- Intranet Reports
- Internet Reports
- Geolocation Map View Report
Security Reports
- Security Reports
- Virus Reports
- Attack Reports
- Spam Reports
Trend Reports
- Protocol Trend Reports
- Traffic Trend Reports
- Event Trend Reports
- VPN Trend Reports
Figure 6. Statistical Report - Attacks
Any predefined statistical report can be added to a dashboard with one click. Dashboards are available out-of-the-box, and SureLog can also create revision-proof compliance reports, summaries, statistics, and dashboards for management and auditors.
Figure 7. Customized Dashboard