New Connectors in SearchInform Event Manager

05.10.2017


SearchInform Event Manager was enhanced with new sources of events and policies for connected external devices, Oracle servers, virtualization environments, Cisco network devices and FortiGate complex network security equipment.

Preset policies for connected devices include:

  • Copying to removable device
  • Operations with executables on devices
  • File execution from removable device
  • Copying too many files/much data to removable device

The Oracle connector reads Oracle database tables and Oracle server logs and applies the following rules:

  • Failed/successful login attempts
  • User or role creation/removal
  • User locked/unlocked
  • User password changed
  • Listener log

Preset policies for virtualization environment include:

  • VMview logon/logout events
  • VMware logon/logout events
  • Invalid passwords
  • Failed logon attempts
  • User group/role creation
  • User password changed
  • User creation/removal, etc.

The set of rules for Cisco network equipment includes:

  • Console logon events
  • Built-in user account logon
  • Logon with elevated rights
  • System errors
  • Power supply errors
  • Cooling system failure
  • DHCP errors
  • Routing errors, etc.

The FortiGate connector collects events from complex network security solutions, including events from the Anomaly, App, AV, DLP, Email, Event and other logs.

The list of connectors and rules is constantly expanding. In the first half of 2018, SearchInform Event Manager will be enhanced with new event sources, for example, Checkweighers, threat and intrusion detectors, web servers, and PUM platforms for controlling privileged accounts. It is also planned to extend the list of supported firewalls, antiviruses and email servers. In the near future, 15 new connectors and over 100 new rules in total will be added to the SIEM. They will be ready for use immediately after the system is installed.