ESM—Enterprise SysLog Manager
Collects syslog data from critical systems and network devices into a central database. A graphical Web Interface makes it easy to search the database for answers. Historical, forensic data is stored. “Learn-mode” sets thresholds unique to your environment. The Daily Over-Threshold Report focuses your attention on major issues. A correlation engine (Bacon) provides real-time alerts with escalation. Compliance (Access) Reports are automatically produced for management.
ESM is a managed network security appliance (scalable HP server) with a database for the collection, management and reporting of syslog messages from critical hosts and network devices. This includes critical alerts involving security, performance, availability and compliance (access and change) reporting. xDefenders provides valuable design, deploy, management, monitoring and maintenance services.
Major Functions:
Store and Record Syslog Events in a Central Database.
Manage and save syslogs from multiple devices at a single location.
Generate syslog event report
Meet Regulatory Requirements and produce Compliance Reports.
Monitor Activity
Correlation engine running every 5 minutes for threshold assessment.
Performance monitoring of equipment to study resource utilization.
Generate real-time alerts based on activity and user defined thresholds, system failures, possible attacks and vulnerabilities.
Comprehensive Search feature, Easy-to-use forensic syslog search for suspicious or unusual activity
Five Compliance Reports are available: