LogSentinel SIEM Features
| Feature | Details / documentation |
|---|---|
| Centralized log collection, aggregation and normalization | |
| Unlimited on-premise integrations | Supported integrations and sources |
| Unlimited cloud integrations | Supported integrations and sources |
| Custom connectors | UI-based configuration for any text file or database source |
| Agentless collection | Collect logs without installing an agent on each monitored machine |
| Long-term retention | Data retention policies |
| Per-source retention | Data retention documentation |
| Asset discovery | Setting up automated asset discovery |
| Rule-based event correlation and threat detection | Configuring correlation and statistics rules |
| Machine-learning threat detection | Overview of machine learning anomaly detection |
| Threat intelligence | Supported threat intelligence feeds |
| Threat hunting | Threat hunting dashboard |
| Phishing detection | Phishing detection overview |
| Leaked credentials notification | Leaked credentials |
| Website formjacking detection | Website formjacking overview |
| File integrity monitoring | Setting up file and registry integrity monitoring |
| Honeypot data collection | Configuring a honeypot agent |
| Incident response capabilities | Incident response actions |
| Investigation and triage | Investigation dashboard |
| Flexible threat notifications | Configuring alert destinations |
| Automation | Incident response automation & SOAR integration |
| Dashboards and reporting | |
| Custom security dashboards | Custom dashboards user guide |
| Management reporting | Configuring reports |
| Compliance reporting | Supported regulations for compliance reporting |
| Application monitoring | Flexible application audit log collection |
| Database activity monitoring | Supported databases |
| Network monitoring | Supported appliances |
| SAP security monitoring | SAP security monitoring details |
| IAM security monitoring | IAM security monitoring details |
| Implementation and support | |
| Flexible deployment options | On-premises, cloud/SaaS, white-labeled |
| Automated implementation plan | Implementation templates documentation |
| Email and phone support | Support is included in the license |
| Advanced security and compliance | |
| Log integrity | Tamper-protected audit trail |
| Digital evidence | Legally sound digital evidence |
| End-to-end log encryption | Log searchable encryption details |
| Flexible billing options | Annual, bi-annual or monthly |
| Price based on the number of active users | Ask for a quote or see pricing |
| Managed detection and response | Managed service pricing model that follows the SIEM pricing model |
SentinelDB exposes most of its features through its RESTful API. The full list of features, each with a short description:
- Encryption per record – every record is encrypted with its own key. This is on by default and needs no configuration. Stored data is also re-encrypted on a regular schedule, in line with key-rotation best practice.
- Datastore management – you can have multiple datastores (the equivalent of a "database", "keystore" or "schema" in conventional database systems) and manage them through the dashboard or the API. Each datastore has its own wrapped encryption key and its own separate audit trail.
- User management and authentication – you can store your users and their personal data in SentinelDB. Each user can have a username and password, so SentinelDB can act as the authentication backend. On successful authentication SentinelDB issues an OAuth-compliant token that can be used for further calls to user-specific endpoints. This is intended for mobile and desktop applications, which should hold a per-user token rather than the general API credentials that a backend system uses.
- Two-factor authentication – each user stored in SentinelDB can be enrolled for two-factor authentication. Once enrolled, every username/password authentication must also present the 2FA code in order to obtain a token.
- Record store – each user can own any number of records. Records can be of different types with different fields, and can be binary (Base64-encoded) to accommodate scanned documents and other unstructured files.
- Record schema validation – SentinelDB is schemaless, but you can define a JSON Schema per record type; every insert or update is then validated against it.
- Search – records and users can be searched by any field declared searchable in the search schema, by exact match or by keyword.
- SQL support – a subset of SQL syntax is supported for querying, inserting and updating records and users.
- Search schema – each user and each record type can have a search schema that tells SentinelDB which fields to index and make searchable. Schemas can be extended when new fields are added.
- Version history – the full modification history of each user and record is preserved, and any previous version can be fetched.
- Audit trail – all reads and writes are logged to Sentinel Trails, the blockchain-based audit trail service. You can log in to the Trails dashboard and drill down into activity with flexible time-bound queries. To make the trail more useful, some SentinelDB API operations accept an actorId indicating which user performed the action on a record (or on another user). In most cases that is the owning user, so no additional parameter is needed.
- Fraud detection – you can define fraud-detection rules over the audit trail that notify you of potential data breaches when triggered. SentinelDB also ships with a default, built-in rule set that automatically blocks data extraction, and with machine-learning anomaly detection trained to flag unusual usage patterns.
- "Forget user" – implements the GDPR right to erasure by deleting all data about a user, keeping only a record that the erasure was performed.
- Pseudonymization – if you need to hand a sample of your data to a third party for analysis, pseudonymization protects user identities. The feature is built in: you supply a pseudonymization key and SentinelDB exports the pseudonymized data.
- Anonymization – records can be anonymized manually or automatically after a set period. Anonymization is not erasure: the records are kept but stripped of anything that links them to a particular person (data subject). This is useful when you need to retain historical, business-relevant data that no longer needs to be attached to a user.
- Attribute visibility configuration – some attributes are public, some should be visible only to certain kinds of authenticated users (e.g. partners), and some are strictly private. SentinelDB lets you configure the visibility of each attribute, so that your application must explicitly request protected and private data. This prevents private and protected fields from being accidentally displayed on public pages or leaked through public API endpoints.
- Custom master key provider – by default keys are managed with AWS KMS, but you can supply your own master key management. To do so, expose endpoints for wrapping and unwrapping keys and register your provider with SentinelDB.
- Automatic scalability – you do not have to scale the database yourself; SentinelDB and its underlying storage handle that. You only store and retrieve data.
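The per-record encryption, the wrapped per-datastore key and the custom master key provider described above are the three layers of an envelope-encryption design. The following is an added example of that design, not SentinelDB's code: the AEAD is a standard-library-only stand-in (HMAC-SHA256 keystream with encrypt-then-MAC) for a real cipher such as AES-GCM, `LocalMasterKeyProvider` stands in for AWS KMS or a customer-run provider exposing only wrap/unwrap, and the record ids, key sizes and `rotate_kek` routine are assumptions made for the illustration.

```python
"""Envelope encryption in the shape the SentinelDB description gives: a key per
record, wrapped under a per-datastore key, itself wrapped by a master key held by
a pluggable provider. Added example, not SentinelDB code; the AEAD is a stdlib
stand-in for AES-GCM and is not SentinelDB's actual construction."""
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Domain-separate the encryption and MAC keys derived from one 32-byte key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Return nonce || ciphertext || tag; `aad` is authenticated, not encrypted."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + len(aad).to_bytes(4, "big") + aad + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + len(aad).to_bytes(4, "big") + aad + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time compare, before any decryption
        raise ValueError("authentication failed: ciphertext or AAD modified")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


class LocalMasterKeyProvider:
    """Stand-in for AWS KMS or a customer-run provider (assumption). The master
    key never leaves this object; wrap()/unwrap() are the only operations a
    custom provider has to expose."""

    def __init__(self) -> None:
        self._master = os.urandom(32)

    def wrap(self, key_material: bytes) -> bytes:
        return seal(self._master, key_material, b"datastore-key")

    def unwrap(self, wrapped: bytes) -> bytes:
        return unseal(self._master, wrapped, b"datastore-key")


class Datastore:
    """Records are stored as (wrapped DEK, ciphertext); the datastore KEK is kept
    only in wrapped form under the master key provider."""

    def __init__(self, provider: LocalMasterKeyProvider) -> None:
        self.provider = provider
        self.wrapped_kek = provider.wrap(os.urandom(32))
        self.records = {}

    def put(self, record_id: str, data: dict) -> None:
        dek, aad = os.urandom(32), record_id.encode()  # fresh key per record; id bound as AAD
        ct = seal(dek, json.dumps(data, sort_keys=True).encode(), aad)
        self.records[record_id] = (seal(self.provider.unwrap(self.wrapped_kek), dek, aad), ct)

    def get(self, record_id: str) -> dict:
        wrapped_dek, ct = self.records[record_id]
        dek = unseal(self.provider.unwrap(self.wrapped_kek), wrapped_dek, record_id.encode())
        return json.loads(unseal(dek, ct, record_id.encode()))

    def rotate_kek(self) -> int:
        """Re-encryption at the key level (assumed routine): mint a new datastore
        key and rewrap every record DEK under it. Ciphertexts are untouched, so
        the cost is one small unwrap/wrap per record, not a bulk rewrite."""
        old_kek, new_kek = self.provider.unwrap(self.wrapped_kek), os.urandom(32)
        for rid, (wrapped_dek, ct) in self.records.items():
            self.records[rid] = (seal(new_kek, unseal(old_kek, wrapped_dek, rid.encode()), rid.encode()), ct)
        self.wrapped_kek = self.provider.wrap(new_kek)
        return len(self.records)


def demo() -> dict:
    """Constructed sample records; returns facts about the run for checking."""
    store = Datastore(LocalMasterKeyProvider())
    store.put("r1", {"name": "Alice", "iban": "DE00 0000 0000 0000 0000 00"})
    store.put("r2", {"name": "Bob"})
    before = {rid: ct for rid, (_, ct) in store.records.items()}
    rotated = store.rotate_kek()
    unchanged = before == {rid: ct for rid, (_, ct) in store.records.items()}
    wrapped_dek, ct = store.records["r1"]  # flip one ciphertext byte of r1: must be rejected
    store.records["r1"] = (wrapped_dek, ct[:NONCE_LEN] + bytes([ct[NONCE_LEN] ^ 1]) + ct[NONCE_LEN + 1:])
    try:
        store.get("r1")
        tampered = False
    except ValueError:
        tampered = True
    return {"r2": store.get("r2"), "rotated": rotated, "ciphertexts_unchanged": unchanged, "tamper_detected": tampered}
```

Two properties worth noticing: the record id is passed as associated data, so a ciphertext copied from one record to another fails authentication rather than decrypting under the wrong id; and because only wrapped DEKs depend on the datastore key, rotating it (or moving to a different master key provider) never requires re-encrypting record payloads.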
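The pseudonymization, anonymization and attribute-visibility items above are all controls on what leaves the database. The following added example (not SentinelDB's code or schema) shows the three together on constructed user records: visibility is enforced fail-closed so an unlisted field is never exported by accident, pseudonyms are keyed HMAC-SHA256 values that stay consistent for one key but are unrecoverable without it, and anonymization removes identifiers outright. The field names, visibility levels and `export_for_partner` helper are assumptions made for the illustration.

```python
"""Export controls from the SentinelDB description: attribute visibility, keyed
pseudonymization and anonymization. Added example with constructed data; the
field names and visibility levels are assumptions, not SentinelDB's schema."""
import hashlib
import hmac

# Constructed visibility configuration for a "user" type. Any field not listed
# is treated as private, so a field someone forgot to classify fails closed.
USER_VISIBILITY = {
    "id": "public",
    "display_name": "public",
    "country": "public",
    "email": "protected",  # e.g. for authenticated partners
    "iban": "private",
    "birth_date": "private",
}
IDENTIFIERS = {"id", "display_name", "email", "iban"}  # direct identifiers

# Constructed sample users (not real people).
USERS = [
    {"id": "u-1001", "display_name": "Alice Example", "country": "BG",
     "email": "alice@example.com", "iban": "BG00EXMP00000000000001",
     "birth_date": "1988-04-12", "plan": "pro"},
    {"id": "u-1002", "display_name": "Bob Example", "country": "DE",
     "email": "bob@example.com", "iban": "DE00EXMP00000000000002",
     "birth_date": "1975-11-30", "plan": "free"},
]


def project(record: dict, visibility: dict, requested=frozenset()) -> dict:
    """Return public attributes plus only the levels the caller asked for explicitly."""
    allowed = {"public"} | set(requested)
    return {k: v for k, v in record.items() if visibility.get(k, "private") in allowed}


def pseudonymize(record: dict, key: bytes) -> dict:
    """Replace direct identifiers with HMAC-SHA256 pseudonyms. Deterministic for a
    given key, so one person maps to one pseudonym across records and exports
    (joins still work), but not recoverable without the key. The field name is
    mixed in so equal values in different fields get different pseudonyms."""
    out = dict(record)
    for name in IDENTIFIERS & record.keys():
        out[name] = hmac.new(key, f"{name}:{record[name]}".encode(), hashlib.sha256).hexdigest()[:24]
    return out


def anonymize(record: dict) -> dict:
    """Drop direct identifiers and coarsen quasi-identifiers. Nothing keyed
    survives, so no party, key holder included, can link the record back."""
    out = {k: v for k, v in record.items() if k not in IDENTIFIERS}
    if "birth_date" in out:
        out["birth_date"] = out["birth_date"][:4]  # keep the year only
    return out


def export_for_partner(records: list, key: bytes) -> list:
    """Sample for a third party: public and protected attributes, pseudonymized."""
    return [pseudonymize(project(r, USER_VISIBILITY, {"protected"}), key) for r in records]
```

Note that `plan` is absent from the partner export even though it is harmless business data: it was never classified, and the fail-closed default is the point. Classify it as public and it appears; the alternative default, exporting whatever is unclassified, is how private fields end up on public endpoints.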