In keeping with our principle “to fulfil our clients’ needs and exceed their expectations”, we are continuously revamping our platform with new innovative features and enhancements. Such features and enhancements are a testament to our pioneering role in the uncharted territory of Big Data Advanced Security Analytics.
What’s New in v6.0
Several new features are introduced in this ClearSkies™ SaaS NG SIEM version 6.0:
The formula was designed to act as a filter for the different indicators being reported by the “Threat Intelligence” ServiceModule. It operates on a series of variables that were designed and engineered towards capturing the full characteristics of an indicator. Once those variables are derived, the formula evaluates the indicator and assigns it a score. The higher the score, the more important the indicator. Alert generation and incident escalation depend on the score confidence level determined by the user.
Identity & Access
This new ServiceModule aggregates, visualizes and monitors the statuses of thousands of user accounts, drastically improving the auditing and insider threat detection capabilities of your organization with minimal effort.
It further integrates with and complements other ClearSkies™ SaaS NG SIEM ServiceModules, such as Advanced Security Analytics (User & Entity Behavior Analysis (UEBA)) and ClearSkies™ NG Endpoint Detection & Response (EDR) agent, for maximal insight generation. It helps to strengthen your security posture against insider threats.
The “Identity & Access” ServiceModule empowers security personnel and upper management to effortlessly spot and promptly investigate the following:
- Inactive user accounts
- Never-logged-on user accounts
- Soon-to-expire passwords
- Disabled accounts
- Accounts of attention
- Groups by size
- Nested groups
- Replication errors
- Operating systems’ update status
- Successful and failed logins
- Which user did what from where and when
- User account clutter in need of maintenance
To experience the full capabilities of the “Identity & Access” ServiceModule, download the “Identity & Access” Configuration Guide under Tools > Downloads in the ClearSkies™ Secure Web Portal, and then proceed with the guidelines laid out.
Important note: ClearSkies™ NG Endpoint Detection & Response (EDR) Agent v6.2.0 is a prerequisite to “Identity & Access”.
New Supported LogSources
| Vendor | Product | Type of Collection |
| --- | --- | --- |
| Dell | Dell MXL Switch | Syslog |
| Symantec | Symantec Data Loss Prevention | Syslog |
| Symantec | Symantec Endpoint Protection Manager | Syslog |
| Check Point | Check Point MTA | LEA Application |
| Microsoft | Azure Audit Logs | Syslog |
| Oracle | Oracle Audit Vault Database Firewall | Syslog |
| Aruba | Aruba WLAN Controller | Syslog |
| Cisco | Cisco Meraki Flows | Syslog |
| Cisco | Cisco Meraki Events | Syslog |
| Cisco | Cisco Meraki Security Events | Syslog |
| Cisco | Cisco Meraki URLs | Syslog |
| IBM | ISS Network Protection XGS-Self Managed – Firewall | Syslog |
| IBM | ISS Network Protection XGS-Self Managed – System | Syslog |
| RSA | RSA SecurID Authentication Manager (Admin Audit) | Syslog |
| RSA | RSA SecurID Authentication Manager (Audit Runtime) | Syslog |
| Cisco | Cisco Firepower Management | Syslog |
| Microsoft | Windows DHCP | ClearSkies NG Endpoint agent |
| Symantec | Symantec DLP Suite System | Syslog |
| Oracle | Glassfish Web Server | Syslog |