ALM is a CESG CCTM Accredited forensic SIEM/Log Management solution, used by government agencies, major commercial organisations, local government departments and IT service providers to look for cyber threats and to deliver IT security intelligence and visibility of system activity to the people who need it.
ALM Log Collection
Assuria Log Manager (ALM) uses agents to collect log data into a central store. ALM server-side components then process the collected logs from the store, e.g. to normalise and filter selected events into a database, or to export to external systems.
ALM’s collection architecture uses agents to collect data (typically logs, but ALM can collect anything, including screenshots and network packet captures) from a variety of sources. Data sources can be added at will, and include local log files, support for various remote protocols such as Syslog, WMI and OPSEC LEA, and querying of web/cloud services.
The agent collects data in their original format, unchanged, sequence numbered and digitally signed. It then transfers the data via a mutually-authenticated TLS channel to an ALM Collector, which writes the data into a Store. The agent can also generate alerts when specific events appear in the logs that it collects.