Log Management

SurePassID provides a 360° view of user access with full MFA audit trail and advanced log management

  • Real-time monitoring via syslog
  • Comprehensive logging for AI-based risk assessment and threat detection
  • Integrations with security information, event management, security orchestration, automation, and response tools

LOG MANAGEMENT

Syslog

System Logging Protocol (syslog) is a standard protocol used to send system log or event messages to a specific server, called a syslog server. Syslog is used for system management and security auditing, as well as general informational, analysis, and debugging messages. Syslog is defined in RFC 5424, The Syslog Protocol.

SurePassID Authentication Server uses Event Log Synchronization (ELS) to securely pull MFA audit trail events and store them in a syslog. ELS filters specify the MFA event types that are eligible to be pulled. The ELS application is installed on your servers and is a component of the SurePassID Local Agent.

The following MFA event types can be synchronized to a syslog: Severe, Warning, Success, Action Required, and Informational. The Event Log Sync Application uses https for transport security by default. If more security is needed, PKI and X.509 certificates can be used.

LOG MANAGEMENT

SIEM and SOAR integration

Security Information and Event Management (SIEM) or Security Event and Information and Management (SEIM) tools collect log and event data that is generated by host systems, security devices, and applications and collate it on a centralized platform. SIEM/SEIM tools sort the data into categories, such as ransomware activity, failed and successful MFA logins, and other potentially malicious activity. When SIEM/SEIM tools identify a potential security issue, an alert is generated, triggering an automated or human response based on security policies.

Security Orchestration, Automation and Response (SOAR) platforms are a collection of security software solutions and tools for browsing and collecting data from a variety of sources. SOAR solutions then use a combination of human and machine learning to analyze this diverse data in order to comprehend and prioritize incident response actions.

SurePassID Authentication Server uses Event Log Synchronization (ELS) to securely pull MFA audit trail events and integrate them with an SIEM or SOAR tool. ELS filters specify the MFA event types that are eligible to be pulled. The ELS application is installed on your servers and is a component of the SurePassID Local Agent.

The following MFA event types can be synchronized to a SIEM or SOAR tool: Severe, Warning, Success, Action Required, and Informational. All SIEM and SOAR integrations use https for transport security by default. If more security is needed, PKI and X.509 certificates can be used.

FREQUENTLY ASKED QUESTIONS

FAQs about SurePassID and our Authentication Server solution

  • Software-as-a-Service (SaaS)
  • Windows Installer Package (Microsoft Windows Server 2008/2012/2016/2019/2022)
  • Virtual Machine (Microsoft Hyper-V)
  • Container (Docker/Kubernetes, Microsoft ACI, Amazon ECS)
  • Serverless/Function-as-a-Service (FaaS)
  • Embedded (8, 16, or 32-bit microcontrollers)

Cloud deployments can occur same day. On-prem deployments will vary depending on the complexity of your requirements. Regardless, our Customer Success team is with you every step of the way.

SurePassID is the most hardened authentication solution on the market. Customers choose us because we specialize in securing user access to mission-critical IT/OT systems and critical infrastructure. We never stop innovating to protect our customers from evolving cyberthreats.

As a SAML 2.0 IdP, SurePassID easily and seamlessly integrates with any on-prem (e.g. Ping Identity) or cloud-only (e.g. Okta) IAM solution.

  1. Unmatched on-prem and OT capabilities
  2. Outstanding technical support
  3. Unbeatable value

Visit https://www.surepassid.com/pricing for a complete guide to SurePassID Authentication Server pricing and features.

Discover why leading enterprises choose SurePassID Authentication Server

Talk to one of our MFA experts about your unique requirements. Or request a demo and see how easy it is to secure your user access with SurePassID Authentication Server.