Sign in

Working With Logs in NetWatcher

One of the many values of the NetWatcher Managed Detection & Response service is that it can aggregate logs from devices, server and endpoints and correlate on the data and operate as a Security Information and Event Management system or SIEM.

When you point syslogs to the sensor (or load the NetAgent and turn on LOGS) there are 2 levels of correlation.  The first happens on the sensor itself locally where the sensor looks through the log to see if it maps to any of its rules, if there is an item in the log that is identified an "Event" is created and sent to the second level of correlation (Cloud Correlation) to determine if an Alarm is necessary.


















Powered by Zendesk