Event Analysis

Event analysis is the most important activity that the CNAM security suite offers, with the aid of its event analysis console. RSIM's event analysis console is a multi-purpose utility that represents the security scenario of an organization in the form of graphs with drill-down capabilities, which help in event analysis and forensics.

It supports the following RSIM features:

Query handling

The security analysts of an enterprise/organization can create and write log queries to filter the logs for specific activities. These queries can be saved in the console for further review.

Real-time alerting

The event analysis console of RSIM, working in sync with the incident management and ticketing feature, notifies the organization of the various threats and attacks happening on its assets in the form of real-time alerts.

Comprehensive reporting

The event analysis console also allows an organization to set multiple parameters to generate comprehensive periodic reports. The reports can be customized based on the requirements of the organization. Ad hoc reports for specific forensic needs can also be generated.

Incident management and ticketing

The event analysis console is the backbone of RSIM. It enables security analysts to analyze and compare the queries whenever the risk score or the vulnerability score of an asset touches the threshold, which in turn generates a ticket against that particular vulnerability or risk. The mitigation process is thus enhanced, and swift reactive measures can be adopted to curb the attack.

Dashboards

The event analysis console has a built-in layout of six dashboard views that enable the CTO/CISO and the top management to continuously monitor the security scenario and take countermeasures in the event of unusual behaviour in the network. The parameters on the dashboards can be customized by the organization.
For example:
The CTO can customize one of the dashboards to show failed logon attempts in 24 hours, or set the parameter of another dashboard to present the number of attacks on a particular asset in the whole month, etc.
