Key Features:

Enterprise Wide Log Collection

Secure and forensically sound collection of logs and machine data from almost any source into a central store. 

Massively scalable. Easily extensible to collect from unique systems & devices.

Modular & Scalable Architecture

Designed to support almost any sized IT environment up to thousands of log sources. Supports multiple collection points, with load balancing and resilience built-in.

File Integrity Monitoring

Built-in FIM service alerts on unauthorised changes outside of the scope of audit logs. Monitor key assets such as critical system files, configuration files, packages, critical data files, system objects etc.

Enterprise Log Management

Enterprise wide, agent & agentless automated log management built-in. Ensures the security, continuity and integrity of all collected logs and allows alerting at the log source.

Data Analytics, Visualisation & Reporting

Automated data enrichment, flexible analysis, correlation, aggregation, alerting and reporting in HTML, PDF, XLS, XML and CSV. Data visualisation. Built-in data export features (data can be exported in original, form normalised and content normalised form) to any external service (e.g. Big Data Analytics).

Forensic Integrity of Data

An RSA/SHA256 digital signature is calculated and the log digitally signed before transfer. Transfer is authenticated and encrypted using TLS. Log data are securely stored and retained in verifiably original and complete form, allowing multiple uses and deep forensic investigations.

Secure Storage

Log cataloguing, chain of custody records, archive creation and management. Essential meta data included. Fully searchable store. Archive to secure long term storage, complete with a digitally-signed manifest.

Pre-configured Security Controls

ALM SIEM is delivered complete with comprehensive pre-configured security controls encapsulating UK Government GPG13 Protective Monitoring guidelines and accepted security best practice. Install, apply basic configuration and built-in policies and start your defence grade protective monitoring service!

ALM Log Sources

Logs and event data enter an ALM SIEM system through an ALM agent. For reasons of log data integrity, efficiency and resilience, the preferred option is to install agents on the hosts that create the logs, but agentless deployment is available in order to collect logs remotely.

ALM’s architecture allows collection and management of almost any log or data type, including binary logs, not just simple text files as with many SIEM solutions.

Customers can add additional log sources to meet their unique needs via the optional Assuria Log Source SDK.

ALM Log Collection

Assuria’s ALM SIEM solution uses agents to collect log data into a central store, although agentless collection is also available. ALM server-side components then process the collected logs from the store, e.g. to normalise and filter selected events into a database, or to export to external systems.

ALM’s collection architecture uses agents to collect data (typically logs, but ALM can collect anything, including screenshots and network packet captures) from a variety of sources. Data sources can be added at will, and include local log files, support for various remote protocols such as Syslog, WMI and OPSEC LEA, and querying of web/cloud services.

The agent collects data in their original format, unchanged, sequence numbered and digitally signed. It then transfers the data via a mutually-authenticated TLS channel to an ALM Collector, which writes the data into a Store. The agent can also generate alerts at source when specific events appear in the logs that it collects.