Log Management
SurePassID provides a 360° view of user access with a full MFA audit trail and advanced log management.
- Real-time monitoring via syslog
- Comprehensive logging for AI-based risk assessment and threat detection
- Integrations with security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools
Syslog
System Logging Protocol (syslog) is a standard protocol used to send system log or event messages to a specific server, called a syslog server. Syslog is used for system management and security auditing, as well as general informational, analysis, and debugging messages. Syslog is defined in RFC 5424, The Syslog Protocol.
SurePassID Authentication Server uses Event Log Synchronization (ELS) to securely pull MFA audit trail events and store them in a syslog. ELS filters specify the MFA event types that are eligible to be pulled. The ELS application is installed on your servers and is a component of the SurePassID Local Agent.
The following MFA event types can be synchronized to a syslog: Severe, Warning, Success, Action Required, and Informational. The Event Log Sync Application uses HTTPS for transport security by default. If more security is needed, PKI and X.509 certificates can be used.


SIEM and SOAR integration
Security Information and Event Management (SIEM) or Security Event and Information Management (SEIM) tools collect log and event data that is generated by host systems, security devices, and applications and collate it on a centralized platform. SIEM/SEIM tools sort the data into categories, such as ransomware activity, failed and successful MFA logins, and other potentially malicious activity. When SIEM/SEIM tools identify a potential security issue, an alert is generated, triggering an automated or human response based on security policies.
Security Orchestration, Automation and Response (SOAR) platforms are a collection of security software solutions and tools for browsing and collecting data from a variety of sources. SOAR solutions then use a combination of human and machine learning to analyze this diverse data in order to comprehend and prioritize incident response actions.
SurePassID Authentication Server uses Event Log Synchronization (ELS) to securely pull MFA audit trail events and integrate them with an SIEM or SOAR tool. ELS filters specify the MFA event types that are eligible to be pulled. The ELS application is installed on your servers and is a component of the SurePassID Local Agent.
The following MFA event types can be synchronized to a SIEM or SOAR tool: Severe, Warning, Success, Action Required, and Informational. All SIEM and SOAR integrations use HTTPS for transport security by default. If more security is needed, PKI and X.509 certificates can be used.