ALM-SIEM is an accredited, forensic, all-in-one Security Information & Event Management (SIEM), File Integrity Monitoring (FIM) and Log Management (LM) software solution, used by government agencies, commercial organisations, local government departments and SOC operators to spot and help to stop cyber threats, deliver security intelligence to senior management and provide visibility of system and user behaviour to security teams.
ALM Log Collection
Assuria’s ALM-SIEM solution uses agents to collect log data into a central store, although agentless collection is also available. ALM server-side components then process the collected logs from the store, e.g. to normalise and filter selected events into a database, or to export to external systems.
ALM’s collection architecture uses agents to collect data (typically logs, but ALM can collect anything, including screenshots and network packet captures) from a variety of sources. Data sources can be added at will and include local log files, remote protocols such as Syslog, WMI and OPSEC LEA, and queries against web/cloud services.
The agent collects data in its original format, unchanged, sequence-numbered and digitally signed: the sequence numbers let the Collector detect records that are missing or replayed, and the signature lets it detect records altered in transit or at rest. It then transfers the data via a mutually-authenticated TLS channel to an ALM Collector, which writes the data into a Store. The agent can also generate alerts at source when specific events appear in the logs that it collects.
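The following is an added example, not code from Assuria or ALM, showing the integrity chain the paragraph above describes: an agent wraps each raw event unchanged with a per-agent sequence number and a digital signature, and a collector verifies the signature and sequence continuity before writing the record to its store. The envelope layout, the Ed25519 key scheme, the `Record`, `Agent` and `Collector` types and the sample log line are all assumptions made for this example and say nothing about ALM's real wire format. The mutually authenticated TLS transport is not reproduced here; in Go it would be a `tls.Config` on the collector with `ClientAuth: tls.RequireAndVerifyClientCert` and the agent CA in `ClientCAs`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Record is a hypothetical envelope (not ALM's wire format): the event bytes
// unchanged, a per-agent sequence number and an Ed25519 signature over both.
type Record struct {
	Agent string
	Seq   uint64
	Raw   []byte
	Sig   []byte
}

// signingInput binds agent ID, sequence number and payload; the length prefix
// on the ID keeps the encoding unambiguous.
func signingInput(agent string, seq uint64, raw []byte) []byte {
	return append([]byte(fmt.Sprintf("%d:%s:%d:", len(agent), agent, seq)), raw...)
}

// Agent holds its signing key and a monotonically increasing counter.
type Agent struct {
	ID   string
	seq  uint64
	priv ed25519.PrivateKey
}

// NewAgent generates a key pair; the collector enrolls the public half.
func NewAgent(id string) (*Agent, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Agent{ID: id, priv: priv}, pub, nil
}

// Wrap numbers and signs one raw event without altering its bytes.
func (a *Agent) Wrap(raw []byte) Record {
	a.seq++
	sig := ed25519.Sign(a.priv, signingInput(a.ID, a.seq, raw))
	return Record{Agent: a.ID, Seq: a.seq, Raw: raw, Sig: sig}
}

var (
	ErrUnknownAgent = errors.New("record from unenrolled agent")
	ErrBadSignature = errors.New("signature does not verify: tampered or forged")
	ErrReplay       = errors.New("sequence number already seen: replay or reorder")
	ErrGap          = errors.New("sequence gap: records lost or suppressed")
)

// Collector verifies every record before it is written to the Store.
type Collector struct {
	keys    map[string]ed25519.PublicKey
	lastSeq map[string]uint64
	Store   []Record
}

func NewCollector() *Collector {
	return &Collector{keys: map[string]ed25519.PublicKey{}, lastSeq: map[string]uint64{}}
}

func (c *Collector) Enroll(id string, pub ed25519.PublicKey) { c.keys[id] = pub }

// Accept drops forgeries and replays. A gap is still stored (the record itself
// is authentic) but reported, so the SOC can ask why earlier records never came.
func (c *Collector) Accept(r Record) error {
	pub, ok := c.keys[r.Agent]
	if !ok {
		return ErrUnknownAgent
	}
	if !ed25519.Verify(pub, signingInput(r.Agent, r.Seq, r.Raw), r.Sig) {
		return ErrBadSignature
	}
	last := c.lastSeq[r.Agent]
	if r.Seq <= last {
		return ErrReplay
	}
	c.lastSeq[r.Agent] = r.Seq
	c.Store = append(c.Store, r)
	if r.Seq != last+1 {
		return fmt.Errorf("%w: %s expected %d, got %d", ErrGap, r.Agent, last+1, r.Seq)
	}
	return nil
}

func main() {
	agent, pub, err := NewAgent("web01")
	if err != nil {
		panic(err)
	}
	col := NewCollector()
	col.Enroll(agent.ID, pub)
	// Constructed sample line standing in for a tail of /var/log/auth.log.
	line := "Mar  1 10:00:01 web01 sshd[4121]: Accepted publickey for deploy from 10.0.0.5"
	fmt.Println(col.Accept(agent.Wrap([]byte(line)))) // <nil>: first record, seq 1
}
```

The collector treats the four failure modes differently on purpose: an unenrolled agent or a bad signature is rejected outright because nothing about the record can be trusted, a replay is rejected because it would duplicate evidence already on file, and a gap is kept but surfaced, since the authentic record that did arrive is itself the evidence that something between it and the last one was lost or suppressed.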