Collect, alert, review, and retain audit logs of events that could help detect, understand, or recover from an attack.
OpExpert’s Log Management Integration can aggregate logs from multiple sources and then correlate events of interest to detect anomalies, suspicious behaviors, changes, and patterns known to be threats or indicators of compromise. OpExpert can monitor that logging is enabled and configured correctly, and detect when logging is disabled. OpExpert can identify the log events associated with a change and dynamically correlate log events across tagged systems.
• Network Time Protocol (NTP) Systems
• Log Management System / SIEM