ALM-SIEM monitors, detects and helps to respond to cyber security incidents and data protection threats. It combines Security Information & Event Management (SIEM), File Integrity Monitoring (FIM) and Log Management (LM) functionality in an integrated software solution. By continuously monitoring your on-premises and cloud-based IT and business infrastructures, ALM-SIEM provides deep security intelligence and visibility of critical threats to your organisation, helping to mitigate and prevent those threats while also helping with regulatory compliance.
ALM Log Collection
Assuria’s ALM-SIEM solution uses agents to collect log data into a central store, although agentless collection is also available. ALM server-side components then process the collected logs from the store, e.g. to normalise and filter selected events into a database, or to export to external systems.
ALM’s collection architecture uses agents to collect data (typically logs, but ALM can collect anything, including screenshots and network packet captures) from a variety of sources. Data sources can be added at will and include local log files, remote protocols such as Syslog, WMI and OPSEC LEA, and queries against web/cloud services.
The agent collects data in its original format, unchanged, sequence numbered and digitally signed. It then transfers the data over a mutually authenticated TLS channel to an ALM Collector, which writes the data into a Store. The agent can also generate alerts at source when specific events appear in the logs it collects.
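To make the integrity properties just described concrete, here is an added example (not Assuria's code) of how per-record sequence numbers and signatures let a collector detect edited or missing records; it uses constructed log lines and an HMAC-SHA256 key as a stand-in for the agent's signing key.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real agent would hold a per-agent asymmetric signing key;
# HMAC-SHA256 stands in here so the example runs with the standard library only.
AGENT_KEY = b"constructed-demo-agent-key"

# Constructed sample log lines, kept verbatim (the agent does not normalise at source).
SAMPLE_LINES = [
    "Jan 10 09:01:02 host1 sshd[411]: Accepted publickey for ops from 10.0.0.5 port 51022",
    "Jan 10 09:01:07 host1 sudo: ops : TTY=pts/0 ; COMMAND=/bin/systemctl restart nginx",
    "Jan 10 09:02:30 host1 sshd[419]: Failed password for invalid user admin from 10.0.0.9",
    "Jan 10 09:02:31 host1 sshd[419]: Connection closed by invalid user admin 10.0.0.9",
]

def _canonical(seq, raw):
    # Deterministic encoding of the signed fields so signer and verifier agree byte-for-byte.
    return json.dumps({"seq": seq, "raw": raw}, sort_keys=True, separators=(",", ":")).encode()

def sign_record(seq, raw, key=AGENT_KEY):
    """Agent side: wrap one raw log line, unchanged, with its sequence number and a signature."""
    sig = hmac.new(key, _canonical(seq, raw), hashlib.sha256).hexdigest()
    return {"seq": seq, "raw": raw, "sig": sig}

def sign_batch(lines, first_seq=1, key=AGENT_KEY):
    return [sign_record(first_seq + i, line, key) for i, line in enumerate(lines)]

def verify_batch(records, key=AGENT_KEY, first_seq=1):
    """Collector side: report signature failures and sequence gaps or replays."""
    findings = []
    expected = first_seq
    for rec in records:
        want = hmac.new(key, _canonical(rec["seq"], rec["raw"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, rec["sig"]):
            findings.append(("bad_signature", rec["seq"]))
        if rec["seq"] != expected:
            findings.append(("sequence_break", expected, rec["seq"]))
        expected = rec["seq"] + 1
    return findings

def tamper_demo():
    """Drop one record and edit another; verify_batch should report both."""
    batch = sign_batch(SAMPLE_LINES)
    del batch[2]                                                                # seq 3 removed
    batch[1]["raw"] = batch[1]["raw"].replace("restart nginx", "status nginx")  # seq 2 edited
    return verify_batch(batch)

if __name__ == "__main__":
    print(verify_batch(sign_batch(SAMPLE_LINES)))  # []
    print(tamper_demo())                           # [('bad_signature', 2), ('sequence_break', 3, 4)]
```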