incubator-alois-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Alois Wiki] Update of "IMF2011" by UrsLerch
Date Mon, 17 Jan 2011 13:29:56 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Alois Wiki" for change notification.

The "IMF2011" page has been changed by UrsLerch.
The comment on this change is: added some sentences to SIEM.
http://wiki.apache.org/alois/IMF2011?action=diff&rev1=26&rev2=27

--------------------------------------------------

  While incubation status is not necessarily a reflection of the completeness or stability
of the code, it does indicate that the project has reached a stable phase and has the potential
to be fully endorsed by the ASF. In fact, Apache ALOIS has shown its functioning over several
years in production. Apache ALOIS is aimed to be totally free and open for all contributions.
The openness provided for other programming languages is certainly proof of this. The plug-ability
- an active field of work in progress - is meant to guarantee that individual needs can be
realized without stressing the whole system. Furthermore, the basic functionality of ALOIS
may be extended in directions not yet foreseen. In our opinion, the Linux kernel is a good
example that this can work very well.
  
  == SIEM and computer forensics ==
- Since Apache ALOIS has originally been designed as a Security Information and Event Management
(SIEM) system, it makes sense to give a very brief introduction in this field. The term SIEM
is a combination of SIM (security information management) and SEM (security event management),
which are disparate tool categories. While SIM is meant to provide long-term storage, analysis
and reporting of log data, SEM deals with real-time monitoring, correlation of events, notifications
and console views. Now, a SIEM combines these two functionalities in one tool. The term Security
Information Event Management (SIEM) describes the capabilities of gathering, analyzing and
presenting information from very different sources as network and security devices, identity
and access management applications, operating system, database and application logs and even
external threat data. While the sources are at least partly very different from those of computer
forensics, the capabilities are almost the same! Usually they are forwarded from their respective
source to the SIEM as messages (log messages, triggers, traps, file submissions, database
table submissions etc.).
+ Since Apache ALOIS has originally been designed as a Security Information and Event Management
(SIEM) system, it makes sense to give a very brief introduction in this field. The term SIEM
is a combination of SIM (security information management) and SEM (security event management),
which are disparate tool categories. While SIM is meant to provide long-term storage, analysis
and reporting of log data, SEM deals with real-time monitoring, correlation of events, notifications
and console views. Now, a SIEM combines these two functionalities in one tool.
+ 
+ The term Security Information Event Management (SIEM) describes the capabilities of gathering,
analyzing and presenting information from very different sources as network and security devices,
identity and access management applications, operating system, database and application logs
and even external threat data. Usually they are forwarded from their respective source to
the SIEM as  messages (log messages, triggers, traps, file submissions, database  table submissions
etc.).  While the sources are at least partly very different from those of computer forensics,
the capabilities are almost the same!
+ 
+ Typically, modern SIEM tools can also integrate with external  functionality, as workflow
and ticketing for example, so the whole  process of incident prosecution can be applied within
one user  interface. Since every environment is different, the better SIEM tools provide a
flexible, extenable set of integration capabilities. Integrating specialised software for
computer forensics in a SIEM is therefore by definition, not an unsolvable challenge.
  
  == The Architecture of Apache ALOIS ==
  Apache ALOIS consists of five modules interacting to ensure a scaleable functionality of
a SIEM:
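Review bot: the new "Typically, modern SIEM tools" paragraph has a typo, "extenable", which should read "extensible", and the same paragraph plus the preceding one carry stray double spaces ("external  functionality", "whole  process", "user  interface", "as  messages", "database  table") that will survive into the rendered page; suggest a pass to single-space them. In the second added paragraph, "Security Information Event Management (SIEM)" is inconsistent with the expansion "Security Information and Event Management (SIEM)" given two paragraphs earlier; using the same expansion in both places avoids suggesting two different terms. Also in that paragraph, "sources as network and security devices" reads more naturally as "sources such as network and security devices", and "Usually they are forwarded" has no clear antecedent now that the sentence has been moved away from the list of log messages, so "Usually these events are forwarded" would be clearer. Lastly, the comma in "is therefore by definition, not an unsolvable challenge" is misplaced; either drop it or write "is therefore, by definition, not an unsolvable challenge".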
