Monitoring via SysLog, and the “Prot-On SOC” service

2017-12-12lnunezNo CommentsTechnical news about Prot-On

Now the Prot-On audit activity events can be exported in real-time to be monitor.
To get benefit of this feature, Prot-On offers a monitoring service for detection of anomalous behavior patterns.

Export activity log via SysLog

Now, additionally to store the events locally in Prot-On database, the domains can be configured to export this tracking information via SysLog toward log analyzers like SIEM systems.

Prot-On allows to configure one or more SyLog listening servers by Domain, as well as for the Key Server level. UDP and TCP with TLS are supported.

Prot-On SOC: Event monitoring service

Beginning with the launch of version 3, Grupo CMC offers an optional 24×7 monitoring service of the activity log of Prot-On protected documents. The goal of the service is to detect anomalous patterns that allow to identify unauthorized uses of protected information and inform the company that owns that information.

For example, some patterns of behavior that could trigger an alert to investigate may be:

Mass information unprotection
Geolocation of the user and alerts based on country of origin
Monitoring and custom alerts associated with a particular user, or a particular document, or type of documents
Excessive or unusual screenshots or printings
Multiple accesses with incorrect password

Monitoring via SysLog, and the “Prot-On SOC” service

Export activity log via SysLog

Prot-On SOC: Event monitoring service

Leave a reply

Search

About us:

Categories

Recent Posts

Monitoring via SysLog, and the “Prot-On SOC” service

Export activity log via SysLog

Prot-On SOC: Event monitoring service

Leave a reply

Search

About us:

Follow Us!

Categories

Recent Posts