SIEM - The Importance of Displaying Contextual Information with an IP address - AccelOps | Integrated Data Center Monitoring, Cloud Monitoring, Security Information and Event Management (SIEM), Server and Network Monitoring

วิธีเล่นบาคาร่า วิธีเล่นแบล็คแจ็คที่คาสิโน วิธีที่จะชนะที่คาสิโน วิธีเล่นคาสิโนออนไลน์วิธีเล่นเกมไพ่คาสิโนวิธีเล่นรูเล็ตที่คาสิโนสิ่งที่ต้องสวมใส่ในคาสิโนวิธีเล่นเกมไพ่คาสิโน

Why AccelOps? AccelOps vs. Competitors Customer Testimonials Limited Time Trade-in Offer Free Trial Download

สล็อตคืออะไร วิธีชนะสล็อตแมชชีน การแข่งขันสล็อตทำงานอย่างไร

Meet our Customers

AccelOps Partner Program Channel Partners Technology Partners Deal Registration Become a Partner

Analyst Coverage Document Library Videos & Demos Webinars & Podcasts FAQ Blog

Support Professional Services

About AccelOps Management Board of Directors In the News Press Releases Careers Contact Us

SIEM – The Importance of Displaying Contextual Information with an IP address

Posted on: April 29th, 2010 by AccelOps

In any Security Information and Event Management (SIEM) product, in order to get the full details about an incident or event, showing contextual information about the IP address is crucial. The event or incident will include a source or destination IP, but the admin needs to know more: the hostname, OS information, version, owner, and if it’s a known server or client machine in the network.

In AccelOps‘s integrated data center monitoring solution, we provide this extended information with a single click wherever IP address information is presented in the UI.

It’s also beneficial to know about the performance of the server (such as CPU, Memory) etc with a single click so that it’s easy to figure out whether it’s a performance or availability issue.

For an external IP address, it may be crucial to get contextual information such as “whois information”, geographical location, whether it’s a part of already known spam databases, etc.

When the user clicks on the “Geo location” it brings up a browser window and will locate the geographical location of the external ip and provide a Google Map using the website http://www.dnsstuff.com.

Trace-route – will provide the trace route to the external IP from the client browser
SAN StormCenter – will look up this IP information in SANS Internet Storm Center http://isc.sans.org/
SenderBase Reputation – will look up the ip information in the Cisco Senderbase database http://www.senderbase.org
HoneyPot – will lookup the IP information in the Project HoneyPot database at http://www.projecthoneypot.org

The bottom part of the dialog box shows the identity and location information about a given ip address by constantly tracking the user and IP address in the network. User identity and location involves associating a network identity (e.g. IP address, MAC address) to a user identity (e.g. user name, computer name, domain), and the location (e.g. wired switch port, wireless LAN controller and VPN gateway).

The association is obtained by combining Windows Active Directory events, DHCP events, WLAN and VPN logon events with AccelOps Discovery results.

You can read more on the next generation SIEM functionality here or look for Cisco MARS upgrade package benefits here.

share:
Bookmark on Delicious
Digg this
Recommend on Facebook
Share on Reddit
Tweet this

Comments are closed.

Categories

SIEM – The Importance of Displaying Contextual Information with an IP address