LogSentinel SIEM Service FAQ

What types of data does LogSentinel SIEM collect?

LogSentinel SIEM integrates with your existing environment (on-premise or cloud), e.g. Active Directory, LDAP and DHCP servers, endpoints, cloud services (IaaS and SaaS) and other security solutions. The collected data is normalized, enriched, and correlated with the users and services that produced it in order to help your team during detection and incident investigation. We do not collect your corporate or customer data.

What is the data retention policy? How long is data stored?

By default, we keep data for 2 years, but our technology allows for unlimited retention if extended periods are requested. Data is kept in an active (hot or warm) state for 1 month, after which it is moved to slower, but still searchable, storage. During the whole retention period the data can be used for search, investigations and visualizations.

Customers can choose to export all of their data in various formats (JSON, CSV, protobuf) at any time. Data that gets deleted after the period of 2 years is also exported (archived) automatically.

Do I need additional storage when collecting logs with LogSentinel SIEM?

No. Logs are collected in near real-time by an on-premise installation of our LogSentinel collector and sent to the LogSentinel SIEM service API, hosted in Amazon Web Services (AWS). AWS is a secure, scalable cloud computing (infrastructure-as-a-service) platform with high availability and flexible storage options.

How does LogSentinel protect data?

Data is encrypted both in transit and at rest. All our storage is encrypted with symmetric encryption, and all connections are encrypted with TLS 1.2. We also provide an option for searchable encryption – you can choose to encrypt all the data that you send without us ever being able to decrypt it, while still preserving many search and analysis capabilities. In terms of data segregation between customers, we enforce strict access controls – each customer’s data is isolated from other customers’ data by access control at both the application and storage levels.

How does LogSentinel ensure scalability and availability of my data?

LogSentinel SIEM is hosted in Amazon Web Services (AWS), which allows us to increase our capacity (CPU, memory, storage, network) automatically when there’s increased load. We leverage AWS to guarantee backup, redundancy, and high availability. AWS has SOC 1, 2 and 3 reports for its security compliance. Our SIEM and our data architecture have been built for scale and high availability from day one.

What happens with my data in case of contract/subscription cancellation?

You have access to your data for 90 days after your contract/subscription is cancelled. If you want your data to be erased earlier, you can file a request and we’ll comply promptly.