Analyze and SIEM Integration
Choose your way to analyze your scan results
Now that you have scanned your infrastructure, it’s time to analyze the log files for suspicious activity. There will be false positives and legitimate occurrences of suspicious elements or dual-use tools. This is inherent in scanning for APTs and for traces of adverse activity and system manipulation.
Nextron offers its own analysis engine – the ASGARD Analysis Cockpit – that is optimised for analyzing scan results from THOR and SPARK. But we also integrate into your favourite analysis engine, so the choice is up to you.
Analyze your scan results with our Analysis Cockpit
Use the Analysis Cockpit to visualise your logs in a detailed graphical interface. Drill down to get in-depth detail about why a log entry was classified as an “Alert”, a “Warning”, or a “Notice”. After finishing the analysis, use the Analysis Cockpit to set your baseline, which efficiently filters out these legitimate occurrences and false positives in the future, so that you can focus on newly appearing suspicious elements in your infrastructure.
Forward relevant Alerts to your SIEM System
The Analysis Cockpit automatically forwards logs that are not caught by one of the baseline filters to your SIEM system. Of course, you can also forward all scan results to your SIEM directly and do the analysis and filtering there. In this case you can also utilize our out-of-the-box ArcSight© integration for THOR logs.
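To make the baselining idea concrete, here is an added example that is not code from Nextron, THOR or the Analysis Cockpit: it shows how a baseline of accepted occurrences suppresses known false positives and forwards only the remaining events to a SIEM. The log format, field names, baseline entries and sample events are all constructed for this demonstration and are not the real THOR/SPARK log format.

```python
"""Baseline filtering of scan results before SIEM forwarding.

Added example: illustrative code, not the Analysis Cockpit or THOR
implementation. The key=value format, the field names, the baseline
structure and the sample events are all constructed for the demonstration.
"""
import json
import re
from collections import Counter

# Constructed sample scan events in a simplified key=value format
# (this is NOT the real THOR/SPARK log format).
SAMPLE_LOGS = [
    "level=Alert host=ws01 module=Filescan rule=Webshell_PHP file=/var/www/html/up.php hash=a1b2c3",
    "level=Warning host=ws01 module=Filescan rule=Dual_Use_Tool file=C:\\Tools\\psexec.exe hash=d4e5f6",
    "level=Notice host=srv02 module=ProcessCheck rule=Suspicious_Name process=svch0st.exe",
    "level=Alert host=srv02 module=Filescan rule=Dual_Use_Tool file=C:\\Tools\\psexec.exe hash=d4e5f6",
    "level=Warning host=srv02 module=Filescan rule=Dual_Use_Tool file=C:\\Temp\\psexec.exe hash=0badf00d",
]

# Constructed baseline: every field of an entry must match for an event to be
# treated as a known, accepted occurrence. Matching a dual-use tool on its file
# hash rather than only on the rule name means a different copy of the same
# tool (e.g. dropped into a temp folder) is still forwarded.
BASELINE = [
    {"rule": "Dual_Use_Tool", "hash": "d4e5f6"},   # PsExec copy rolled out by the admin team
    {"host": "srv02", "rule": "Suspicious_Name"},  # known quirk in srv02's service naming
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")
LEVELS = ("Alert", "Warning", "Notice")


def parse_line(line):
    """Turn one key=value log line into a dict; unknown levels are rejected."""
    event = dict(FIELD_RE.findall(line))
    if event.get("level") not in LEVELS:
        raise ValueError(f"unrecognised log level in line: {line!r}")
    return event


def is_baselined(event, baseline=BASELINE):
    """True if every field of at least one baseline entry matches the event."""
    return any(all(event.get(k) == v for k, v in entry.items()) for entry in baseline)


def filter_for_siem(lines, baseline=BASELINE):
    """Split events into those to forward and those suppressed by the baseline."""
    forward, suppressed = [], []
    for line in lines:
        event = parse_line(line)
        (suppressed if is_baselined(event, baseline) else forward).append(event)
    return forward, suppressed


def to_siem_records(events):
    """Serialise forwarded events as JSON lines, one record per event."""
    return [json.dumps(e, sort_keys=True) for e in events]


def level_summary(events):
    """Count forwarded events per level for a quick triage overview."""
    return dict(Counter(e["level"] for e in events))


if __name__ == "__main__":
    forward, suppressed = filter_for_siem(SAMPLE_LOGS)
    print(f"forwarded {len(forward)}, suppressed by baseline {len(suppressed)}")
    print(level_summary(forward))
    for record in to_siem_records(forward):
        print(record)
```

Of the five constructed events, the baseline suppresses the three known occurrences and forwards the webshell alert plus the PsExec copy with an unknown hash. Keying baseline entries on specific evidence such as a hash, host or path, rather than on a rule name alone, is what keeps a baseline from silently hiding a genuinely new finding.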
Analyze your scan results with our Splunk App
For those who already have Splunk within their organisation, it might be worth considering using our free Splunk© App. It already understands the THOR and SPARK log format and makes it easy to focus on the most relevant alert or the most suspicious system.
Analyze your scan results with ELK / Kibana
We also offer an Elasticsearch integration so that you can send your logs to Kibana©.
So, which option suits my organisation best?
- If you scan for APTs frequently and on a large number of systems, use our Analysis Cockpit. The integrated baselining function will save you lots of time and will make it easy to focus on the right things in your SIEM system.
- If you scan only once, use an analysis engine that you are familiar with.