Monitoring via SysLog, and the “Prot-On SOC” service
Now the Prot-On audit activity events can be exported in real-time to be monitor.
To get benefit of this feature, Prot-On offers a monitoring service for detection of anomalous behavior patterns.
Export activity log via SysLog
Now, additionally to store the events locally in Prot-On database, the domains can be configured to export this tracking information via SysLog toward log analyzers like SIEM systems.
Prot-On allows to configure one or more SyLog listening servers by Domain, as well as for the Key Server level. UDP and TCP with TLS are supported.
Prot-On SOC: Event monitoring service
Beginning with the launch of version 3, Grupo CMC offers an optional 24×7 monitoring service of the activity log of Prot-On protected documents. The goal of the service is to detect anomalous patterns that allow to identify unauthorized uses of protected information and inform the company that owns that information.
For example, some patterns of behavior that could trigger an alert to investigate may be:
- Mass information unprotection
- Geolocation of the user and alerts based on country of origin
- Monitoring and custom alerts associated with a particular user, or a particular document, or type of documents
- Excessive or unusual screenshots or printings
- Multiple accesses with incorrect password