
Tripwire Log Center Interface Overview

DESCRIPTION

Tripwire Log Center is a leading SIEM solution with an intelligent interface, capable of handling assets with large EPS. The PPT describes the interface look and feel and some basic features, and how it is different from any other SIEM. LOGON Software is the distributor for Tripwire products in India; visit our website www.softwareasia.com to know more about Tripwire solutions.

Page 2: Tripwire Log Center Interface Overview

Client interface for the Manager,

Tripwire Console works in three modules:

1. TLC Manager: the server that archives and correlates logs
2. TLC Console: the interface application to connect to and manage the Manager
3. Log sources: the assets which we intend to monitor

TLC Overview

Collects, correlates and archives logs

Tripwire Log Center Manager

Windows, Linux, Active Directory, Database, Network Devices

TLC Manager

LOG Sources

Page 3: Tripwire Log Center Interface Overview

Tripwire Console is split into two views. Events: allows analysis and reporting. Resources: configuration tab for system configuration.

TLC Console : Events and Resource

Page 4: Tripwire Log Center Interface Overview

Events: Dashboards: allow analysis and reporting, and provide views to administrators and end users

Dashboards

Page 5: Tripwire Log Center Interface Overview

Events: Dashboards: customizable layouts

Dashboard views

Page 6: Tripwire Log Center Interface Overview

Events: Event Database Viewers allow you to navigate the events database

Event Database Viewer : Sensors

Page 7: Tripwire Log Center Interface Overview

Events: Event Database Viewers allow you to navigate the events database

Event Database Viewer : Events on assets

Page 8: Tripwire Log Center Interface Overview

Events: Event Database Viewers enable forensics of events by mapping events and visualizing correlation, and you can replay events at any stage of the forensics

Event Database Viewer : Event Relationships

Page 9: Tripwire Log Center Interface Overview

Events: Event Database Viewers let you drill down on event priority

Event Database Viewer : Priorities

Page 10: Tripwire Log Center Interface Overview

Events: Event Database Viewers let you drill down on the type of communication ports, source IP and other parameters

Events: Source and Destination Details

Page 11: Tripwire Log Center Interface Overview

Events: Event Database Viewers let you drill down on the type of process

Events : System Processes

Page 12: Tripwire Log Center Interface Overview

Events: Event Database Viewers analyze the patterns in event-time graphs

Events : Graphs and Patterns

Page 13: Tripwire Log Center Interface Overview

Real-Time Event Viewer: shows raw and normalized events from log sources, buffered for processing

Real-time Event Viewer : As they happen

Page 14: Tripwire Log Center Interface Overview

Audit Logger: allows you to query the event database and raw logs with Google-like real-time filtering, which can be used for reporting and creating scheduled tasks

Audit Logger: Search like Google

Page 15: Tripwire Log Center Interface Overview

Task Manager: allows you to interactively define and create task parameters, ranging from report tasks to archiving and sanitation tasks

Task Manager: Creating Tasks Precisely

Page 16: Tripwire Log Center Interface Overview

Task Scheduler: allows you to automate the tasks

Task Scheduler: Manage, Monitor, Automate

Page 17: Tripwire Log Center Interface Overview

Report Center: allows you to create and define reports and also to execute reports manually

Report Center: Reporting

Page 18: Tripwire Log Center Interface Overview

Configuration Tab: allows you to manage the Tripwire Log Center environment and its assets, logical groups and tagging

Configuration : Managing Environment

Page 19: Tripwire Log Center Interface Overview

Configuration Tab: allows you to manage the Tripwire Log Center environment and its assets, logical groups and tagging

Assets : Configure, Group, Monitor

Page 20: Tripwire Log Center Interface Overview

Configuration Tab: allows you to manage the Active Directories

AD: Integrating Active Directory

Page 21: Tripwire Log Center Interface Overview

Normalization Rules: allow you to normalize the logs and locate the events of interest in any log string

Normalization Rules: Reading what the log says

Page 22: Tripwire Log Center Interface Overview

Normalization Rules: allow you to normalize the logs and locate the events of interest in any log string sourced by the Oracle DB Collector

Oracle Rules

Page 23: Tripwire Log Center Interface Overview

Normalization Rules: allow you to normalize the logs and locate the events of interest in any log string

Normalization Rules : Tuning

Page 24: Tripwire Log Center Interface Overview

Correlation Rules: allow normalized logs to be filtered again and let you define a logical series of events which can become a qualified event after compiling logs from various sources

Correlation Rules: The Sherlock

Page 25: Tripwire Log Center Interface Overview

Correlation Rules Creator: allows you to define and edit scenarios using an easy-to-use, Visio-based creator

1. Take a rule that sends an alert after a logon failure.

2. Drag in a new condition for a successful logon.

3. New condition: alert when a successful logon is detected after a failed attempt.

Correlation Rule Creator: Forensics Made Easy
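
The scenario built in the three steps above (alert when a successful logon follows a failed attempt), together with the normalization step it depends on, as an added Python example; it is not Tripwire Log Center's rule format and not code from the slides. The OpenSSH-style sample lines, the field names and the 5-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

RAW_LOGS = [  # constructed sample lines, OpenSSH syslog style (not from the slides)
    "2024-05-01T10:00:01 web01 sshd[811]: Failed password for alice from 203.0.113.5 port 50122 ssh2",
    "2024-05-01T10:00:09 web01 sshd[811]: Failed password for alice from 203.0.113.5 port 50124 ssh2",
    "2024-05-01T10:00:20 web01 sshd[811]: Accepted password for alice from 203.0.113.5 port 50130 ssh2",
    "2024-05-01T10:05:00 web01 sshd[902]: Accepted password for bob from 198.51.100.7 port 40100 ssh2",
    "2024-05-01T09:00:00 db01 sshd[120]: Failed password for carol from 192.0.2.9 port 41000 ssh2",
    "2024-05-01T11:30:00 db01 sshd[121]: Accepted password for carol from 192.0.2.9 port 41002 ssh2",
    "2024-05-01T11:31:00 db01 cron[300]: session opened for user root",
]

# Normalization rule: pull the fields of interest out of the raw log string.
PATTERN = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def normalize(line):
    m = PATTERN.match(line)
    if m is None:
        return None  # not a logon event, dropped before correlation
    event = "logon_failure" if m["result"] == "Failed" else "logon_success"
    return {"time": datetime.fromisoformat(m["ts"]), "host": m["host"],
            "user": m["user"], "src": m["src"], "event": event}

def correlate(events, window=timedelta(minutes=5)):
    # Alert on a success preceded by a failure for the same host, user and
    # source address within `window` (an assumed value, not from the slides).
    pending, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["host"], ev["user"], ev["src"])
        if ev["event"] == "logon_failure":
            pending.setdefault(key, []).append(ev["time"])
            continue
        recent = [t for t in pending.pop(key, []) if ev["time"] - t <= window]
        if recent:
            alerts.append({**ev, "failures_before": len(recent)})
    return alerts

def run(lines=RAW_LOGS):
    events = [e for e in map(normalize, lines) if e is not None]
    return correlate(events)

if __name__ == "__main__":
    for alert in run():
        print(alert["time"], alert["host"], alert["user"], alert["src"], alert["failures_before"])
```

Only the alice sequence qualifies: bob has no preceding failure, and carol's failure falls outside the window.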

Page 26: Tripwire Log Center Interface Overview

Manager Settings: allows you to configure log sources and parameters, such as roles, asset types, etc.

TLC Manager

Page 27: Tripwire Log Center Interface Overview

Actions: several types of actions can be configured to run when an event qualifies, such as sending a detailed or summary email, running a report, creating tickets for engineers, and executing scripts hosted on the server

Alert & Actions

Page 29: Tripwire Log Center Interface Overview

For reference only. Contact us for more details on Tripwire products.

Website: www.softwareasia.com