SIEM Ease-of-Use and Indicators: Describing the Spread of Data


Dr. Ertuğrul AKBAŞ

[email protected]

www.anetyazilim.com.tr

Ease-of-use and big data define the next generation SIEM solution. Ease-of-use and simplified management are the key specifications for a successful SIEM solution.

The ANET SureLog SIEM solution has a very intuitive and easy-to-use GUI. A SIEM needs to be easy enough to use that it does not require a large team of people to maintain it. A GUI's primary purpose is to make an end user's job easier. Working with Views and Dashboards via drag&drop is supported by ANET SureLog, which is an integrated Log Management & SIEM solution.

Figure 1. SureLog Security Dashboard

Data Representation

Network administrators need better data representation in different graphical formats, reports and dashboards. Viewing and analyzing log data graphically is preferable to looking at raw log data. Instead of spending time sifting through raw log data to gain intelligence, one glance at the graphical representation should drive the administrator to make decisions. The dashboard is among the most critical components of an IT security solution. It is the primary interface for monitoring real-time events and for performing analysis, reporting and manipulation of stored log data. Presenting the vital information from log messages in the form of graphs and charts is essential to help administrators take timely action.

SureLog Reports and Dashboards are designed to provide:

- A summary status that indicates how things stand overall. Users need to be able to tell at a glance whether they should worry or not.
- A reflection of the well-understood structure of the security infrastructure.
- Support for quick diagnosis of problems. The data presentation should point directly to the likely source of the problem.
- Simple data presentation. Real-time dashboards aren't the place for complex or advanced data visualizations.

Some advantages of SureLog:

- Build one or more dashboards with no programming, just with drag&drop support.
- Choose exactly the widgets you like.
- Choose the data sources you need.
- A large number of ready-to-use sources.
- Customize the layout with respect to location and size of widgets.
- Create different permission levels for different people in your security team.
- Customize colors and chart types.
- Choose time frames.

Figure 2. Default Dashboard


Creating a Custom Dashboard

You can create a new dashboard using the query you just created along with other useful default queries. SureLog offers five options for creating a custom dashboard:

- Select any table view from any forensic search result: while searching or filtering any event data, the final result view (tabular or graphical representation) can be added as a dashboard widget with just one click.

- Select any dynamically created toplist report from real-time log data: a toplist from real-time data can be created by clicking the header of the table view of the data. This toplist graphical view can be added as a dashboard widget with just one click.

- Select any predefined trend or statistical report from the statistical framework, which uses special statistical calculations. SureLog offers a rich set of pre-defined reports that help in analyzing bandwidth usage and understanding network security. You can select any report and add it as a dashboard widget with just one click.

- Create a custom query: customizable filters over any report can be used to create new dashboard widgets.

- SQL query: an SQL query can be used to create new dashboard widgets over any data source. An SQL emulator over the big data infrastructure is available within SureLog.

Figure 3. Dashboard Creation Dialog

Building a dashboard like this enables a user to quickly drill down on points of interest.

Creating a Custom Query: SureLog also provides a wizard for creating custom queries, which can also be used in a dashboard with drag&drop support. You can also build more advanced queries in the SQL query language.

Figure 4. Dynamically Created Toplist Report

Figure 5. Dynamically Created Toplist Report

Statistical Reports & Dashboards

SureLog offers a rich set of pre-defined reports that help in analyzing bandwidth usage and understanding network security.

The following reports are generated based on firewall logs:

Traffic Reports
- Inbound & Outbound Traffic
- Intranet Reports
- Internet Reports
- Geolocation Map View Report

Security Reports
- Security Reports
- Virus Reports
- Attack Reports
- Spam Reports

Trend Reports
- Protocol Trend Reports
- Traffic Trend Reports
- Event Trend Reports
- VPN Trend Reports

Figure 6. Statistical Report - Attacks

Any predefined statistical report can be added to a dashboard with just one click. Dashboards are available out-of-the-box, and SureLog can also create revision-proof compliance reports, summaries, statistics, and dashboards for management and auditors.
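As an added example (not SureLog's own code, which this page does not show), the Python below sketches how the toplist, traffic and trend widgets described above, and the SQL-query option under "Creating a Custom Dashboard", reduce to aggregate queries over firewall events. The event rows, table name and column names are constructed for illustration; because the toplist grouping key comes from a UI click on a table header, it is checked against a whitelist before being placed in the query.

```python
import sqlite3

# Constructed firewall events (not from the paper): timestamp, action, protocol, source, destination, bytes, direction
EVENTS = [
    ("2024-01-01 10:05:00", "allow", "TCP", "10.0.0.5", "93.184.216.34", 1200, "outbound"),
    ("2024-01-01 10:12:00", "allow", "TCP", "10.0.0.7", "93.184.216.34", 800, "outbound"),
    ("2024-01-01 10:20:00", "deny", "TCP", "198.51.100.9", "10.0.0.5", 60, "inbound"),
    ("2024-01-01 10:41:00", "deny", "UDP", "198.51.100.9", "10.0.0.6", 60, "inbound"),
    ("2024-01-01 11:02:00", "allow", "UDP", "10.0.0.5", "10.0.0.1", 300, "intranet"),
    ("2024-01-01 11:15:00", "deny", "TCP", "198.51.100.9", "10.0.0.7", 60, "inbound"),
    ("2024-01-01 11:30:00", "allow", "TCP", "10.0.0.5", "203.0.113.8", 5000, "outbound"),
    ("2024-01-01 11:45:00", "allow", "ICMP", "10.0.0.6", "10.0.0.1", 100, "intranet"),
]

# Only these columns may serve as a grouping key. The key originates from a click on a
# table header in the UI, so it must never be spliced into SQL without validation.
ALLOWED_COLUMNS = {"action", "proto", "src", "dst", "direction"}

def is_allowed_column(name):
    return name in ALLOWED_COLUMNS

def load_events(rows):
    """Load events into an in-memory SQLite table standing in for the SQL layer over the log store."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE fw (ts TEXT, action TEXT, proto TEXT, src TEXT, "
                "dst TEXT, bytes INTEGER, direction TEXT)")
    con.executemany("INSERT INTO fw VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return con

def toplist(con, column, limit=3):
    """Toplist widget: top-N values of one column, as produced by clicking that column's header."""
    if not is_allowed_column(column):
        raise ValueError(f"cannot group by column {column!r}")
    sql = (f"SELECT {column}, COUNT(*) AS n FROM fw "
           f"GROUP BY {column} ORDER BY n DESC, {column} LIMIT ?")
    return con.execute(sql, (limit,)).fetchall()

def traffic_by_direction(con):
    """Traffic report widget: bytes per direction (inbound / outbound / intranet)."""
    return dict(con.execute("SELECT direction, SUM(bytes) FROM fw GROUP BY direction"))

def protocol_trend(con):
    """Protocol trend widget: event count per protocol per hour (hour = first 13 chars of ts)."""
    sql = ("SELECT substr(ts, 1, 13) AS hour, proto, COUNT(*) FROM fw "
           "GROUP BY hour, proto ORDER BY hour, proto")
    return con.execute(sql).fetchall()

def demo_connection():
    """Open a connection preloaded with the constructed sample events."""
    return load_events(EVENTS)
```

Each function returns the rows a dashboard widget would render; the same queries work unchanged against a larger table with the same columns.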

Figure 7. Customized Dashboard