This tutorial explains how to set up the IPS system to drop SSL certificates listed on the SSL Blacklists and Feodo Tracker.
When enabled and configured, this module detects selected important events that are recorded in any number of system or application log files on any of your servers.
If you also enable Halo alerting, you can receive near-real-time alerts when the highest-priority events are logged.
The Active Watch GIAC experts augment your existing IT team to shift the burden of 24x7 monitoring, ensuring rapid detection of and response to incidents.

Alert Logic provides the key elements to identify network threats so you can respond quickly:

People: Highly trained GIAC security experts monitor, analyze, and alert you to incidents 24x7.
Real-Time Network Monitoring: We collect and monitor real-time activity in your network and computing environment.
To perform deeper analyses on these events, especially in relation to other events across your installations that might not be monitored by Halo, you may wish to integrate these Halo events into whatever log-management, log-analysis, or SIEM solution your organization uses, as described next.
If your organization already uses log-management, log-analysis, or SIEM tools such as Splunk, Sumo Logic, ArcSight, or RSA enVision, you can leverage their power by integrating Halo log-based intrusion detection with them. By automatically extracting event data from Halo and feeding it into your SIEM solution, you gain the advantages of both types of systems: Halo alerts you directly and immediately to the occurrence of events of critical importance, and then your log-analysis tool can evaluate the relationships among those events and any others occurring anywhere in your network, perhaps uncovering additional evidence of intrusion or attack.

To perform the integration, you can develop your own scripts using the Events portion of the CloudPassage REST API, or you can take advantage of existing tools created for this purpose and posted to the Halo Toolbox on GitHub.

Alerts: Notification of critical events or activities that require immediate remediation.

Reporting: Comprehensive and custom reporting to track and report security posture and trends.

The policy also specifies which events are to generate Halo alerts.