Key Features:

Enterprise Wide Log Management

Enterprise-wide, automated log management with both agent-based and agentless collection built in. Secure and forensically sound collection of logs and machine data from almost any source. Preserves the security, continuity and integrity of every collected log and allows alerting at the log source. Massively scalable, with resilience built in.

Automated Threat Intelligence

ALM-SIEM ingests industry-leading Threat Intelligence feeds and automatically enriches log and event data with matching indicators from these external watchlists and threat data. ALM-SIEM also enriches the Threat Intelligence feed itself with additional content, such as client-specific context, further supporting Threat Hunting services.

Forensic Integrity of Data

Each log record is hashed with SHA-256 and digitally signed with RSA before transfer, so any later change to the record, including to its sequence number, invalidates the signature. Transfer is authenticated and encrypted using TLS. Log data are securely stored and retained in verifiably original and complete form, allowing multiple uses and deep forensic investigation.

Secure Data Storage

Log cataloguing, chain-of-custody records, and archive creation and management, with essential metadata included. The store is fully searchable. Archives can be moved to secure long-term storage, complete with a digitally signed manifest that allows the archive to be checked for completeness and originality. Supports deep forensic investigation and re-investigation of all current and historic data.

Pre-configured Security Controls

ALM-SIEM is delivered with comprehensive out-of-the-box security controls, threat use cases and alerting dashboards. Automated analytics built on these controls provide immediately enhanced security defences, visibility of security issues and mitigation support. Compliance failures also become evident.

Built-in Alerting and Operational Dashboards

ALM-SIEM is delivered with comprehensive alerting and operational dashboards to support threat and audit reporting, security detection and response operations, and analyst threat hunting. Alerts and reports can also be produced in multiple formats for print or electronic delivery (e.g. HTML, PDF, XLS, XML and CSV).

Export to External Services

ALM-SIEM is an open platform that does not lock in user organisations, either through data format or technology platform. Automated data enrichment, flexible normalisation of either form (layout) or content (field values), and built-in export features mean that data can be exported in its original form, form-normalised or content-normalised, to almost any external service.

File Integrity Monitoring

The built-in FIM service alerts on potentially unauthorised changes to critical assets, including changes that audit logs alone would not capture. It continuously monitors identified key assets such as critical system files, configuration files, packages, critical data files and system objects.
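To show what a file integrity check of the kind described above actually does, here is an added example (not Assuria's code, and not the ALM FIM implementation): it records a baseline of content hashes and permission metadata for every file under a directory, then diffs a later snapshot to classify additions, removals and modifications. The scenario under demo() is constructed: a temporary fake /etc, a UID-0 account appended to passwd, a permission change on sudoers with its content untouched, and a dropped-in file. All paths and contents are illustrative.

```python
import hashlib
import os
import stat
import tempfile


def file_fingerprint(path, chunk=65536):
    """Content hash plus the metadata an investigator cares about (mode, owner, size).
    Symlinks are fingerprinted by their target so a retargeted link is also a change."""
    st = os.lstat(path)
    h = hashlib.sha256()
    if stat.S_ISLNK(st.st_mode):
        h.update(os.readlink(path).encode("utf-8"))
    else:
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(chunk), b""):
                h.update(block)
    return {"sha256": h.hexdigest(), "mode": oct(stat.S_IMODE(st.st_mode)),
            "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}


def take_baseline(root):
    """Snapshot every file under root, keyed by path relative to root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            snap[os.path.relpath(full, root)] = file_fingerprint(full)
    return snap


def compare(baseline, current):
    """Classify differences between two snapshots. Returns
    {"added": [...], "removed": [...], "modified": {path: [changed fields]}}."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for path in sorted(set(baseline) & set(current)):
        changed = [k for k in baseline[path] if baseline[path][k] != current[path][k]]
        if changed:
            modified[path] = changed
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario (hypothetical files, not real system data): baseline a
    fake /etc, then make the kinds of change a FIM service should flag."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(os.path.join(etc, "sudoers"), "w") as f:
            f.write("root ALL=(ALL) ALL\n")
        os.chmod(os.path.join(etc, "sudoers"), 0o440)
        before = take_baseline(root)

        # 1. Content change: an extra UID-0 account appended to passwd.
        with open(os.path.join(etc, "passwd"), "a") as f:
            f.write("backdoor:x:0:0::/:/bin/sh\n")
        # 2. Permission change only; the content of sudoers is untouched.
        os.chmod(os.path.join(etc, "sudoers"), 0o666)
        # 3. A new file dropped into a monitored directory.
        with open(os.path.join(etc, "cron.d_evil"), "w") as f:
            f.write("* * * * * root /tmp/x\n")
        after = take_baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as its storage: an attacker who can alter a monitored file and also rewrite the local baseline defeats the check, so a real FIM service keeps the baseline off-host or signs it, as the page describes for collected logs. Metadata-only findings (the sudoers case) matter because a permission change leaves the content hash intact.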

ALM Log Sources

Logs and event data enter an ALM-SIEM system through an ALM agent. For reasons of log data integrity, efficiency and resilience, the preferred option is to install agents on the hosts that create the logs, so that records are signed at the point of origin; agentless deployment is available where logs must be collected remotely.

ALM’s architecture allows collection and management of almost any log or data type, including binary logs, not just simple text files as with many SIEM solutions.

Customers can add additional log sources to meet their unique needs via the optional Assuria Log Source SDK.

ALM Log Collection

Assuria’s ALM-SIEM solution uses agents to collect log data into a central store, although agentless collection is also available. ALM server-side components then process the collected logs from the store, e.g. to normalise and filter selected events into a database, or to export to external systems.

ALM’s collection architecture uses agents to collect data (typically logs, but ALM can collect anything, including screenshots and network packet captures) from a variety of sources. Data sources can be added at will, and include local log files, support for various remote protocols such as Syslog, WMI and OPSEC LEA, and querying of web/cloud services.

The agent collects data in its original format, unchanged, sequence numbered and digitally signed. It then transfers the data over a mutually authenticated TLS channel, so the collector accepts records only from known agents and an agent sends only to a known collector, to an ALM Collector, which writes the data into a Store. The agent can also generate alerts at source when specific events appear in the logs that it collects.
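The integrity mechanism described on this page (Forensic Integrity of Data, Secure Data Storage, and the collection step above) can be illustrated end to end. The following is an added example, not Assuria's code and not the ALM protocol: an "agent" wraps constructed sample syslog lines, unchanged, with a sequence number and a signature over source, sequence number and line; a "collector" verifies each signature and the sequence continuity; and an archive manifest is signed so a stored batch can later be shown complete. One deliberate substitution: the page describes an RSA/SHA-256 signature, but to run with the Python standard library alone this example uses HMAC-SHA256 with a hypothetical shared key. The verification logic is the same; the difference is discussed after the code.

```python
import hashlib
import hmac
import json

# Constructed sample syslog lines for the demo; not data from the page.
SAMPLE_LOGS = [
    "Jan  5 10:00:01 host1 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51234",
    "Jan  5 10:00:07 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; COMMAND=/bin/cat /etc/shadow",
    "Jan  5 10:00:09 host1 sshd[1234]: Disconnected from user alice 10.0.0.5 port 51234",
]

# Hypothetical key. The page describes an RSA private key on the agent; this demo
# substitutes an HMAC-SHA256 key so it runs without third-party libraries.
AGENT_KEY = b"demo-agent-key-not-for-production"


def canonical(source, seq, line):
    """Canonical bytes covered by the signature: source, sequence number and the
    unchanged log line. Covering seq means renumbering breaks the signature."""
    return json.dumps([source, seq, line], separators=(",", ":")).encode("utf-8")


def sign(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def collect(key, source, lines, start_seq=1):
    """Agent side: wrap each line, unchanged, with a sequence number and signature."""
    return [
        {"source": source, "seq": start_seq + i, "line": line,
         "sig": sign(key, canonical(source, start_seq + i, line))}
        for i, line in enumerate(lines)
    ]


def verify_stream(key, records):
    """Collector/store side: check every signature and the sequence continuity.
    Returns a list of findings; an empty list means the stream is intact."""
    findings = []
    expected = None
    for r in records:
        if not hmac.compare_digest(sign(key, canonical(r["source"], r["seq"], r["line"])), r["sig"]):
            findings.append(("tampered", r["seq"]))
        if expected is not None and r["seq"] != expected:
            findings.append(("sequence_break", expected, r["seq"]))
        expected = r["seq"] + 1
    return findings


def _manifest_body(records):
    digest = hashlib.sha256()
    for r in records:
        digest.update(canonical(r["source"], r["seq"], r["line"]))
        digest.update(r["sig"].encode("ascii"))
    return {"count": len(records), "first_seq": records[0]["seq"],
            "last_seq": records[-1]["seq"], "digest": digest.hexdigest()}


def build_manifest(key, records):
    """Archive manifest: a signed summary over the records and their signatures,
    so a stored archive can later be shown complete (nothing dropped) and original."""
    body = _manifest_body(records)
    body["sig"] = sign(key, json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8"))
    return body


def verify_manifest(key, manifest, records):
    """Check the manifest signature, then recompute the summary from the archived
    records and compare it field by field."""
    if not records:
        return False
    body = {k: v for k, v in manifest.items() if k != "sig"}
    expected_sig = sign(key, json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8"))
    if not hmac.compare_digest(expected_sig, manifest["sig"]):
        return False
    return _manifest_body(records) == body


if __name__ == "__main__":
    recs = collect(AGENT_KEY, "host1", SAMPLE_LOGS)
    print(verify_stream(AGENT_KEY, recs))          # [] when intact
    print(verify_stream(AGENT_KEY, [recs[0], recs[2]]))  # sequence break where a record was dropped
```

Two practitioner notes. First, the sequence number must be inside the signed bytes: if it were outside, a record could be renumbered to hide a deletion without invalidating anything. Second, the symmetric key used here is where this demo falls short of what the page describes: with an HMAC the collector holds the same secret as the agent, so a compromised collector could forge agent records, whereas with an RSA signature the collector only needs the agent's public key and cannot produce records the agent did not sign. That asymmetry is what makes the agent-signed record usable as evidence independent of the collection infrastructure.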