Integration with a Security Operations Center
To predict operational issues and respond promptly to security incidents affecting Application components (e.g. the client-side application, the data transfer channel, the Application Backend and SeaCat itself), it is recommended to integrate SeaCat technology with a security operations center (SOC). A security operations center monitors all aspects of the Application components 24/7.
Integration with SIEM
A security operations center works from security information such as audit logs and telemetry feeds, processed by log management, security information and event management (SIEM) and/or intrusion detection/prevention systems (IDS/IPS), to detect and predict security incidents and operational issues. Incidents and issues are uncovered by correlation rules that key on event categories and on the content of individual events.
SeaCat Server gathers information from all Application components, from all data streams and from Application Backend monitoring to provide the desired level of visibility. It delivers audit log events as files, over syslog, or as a CEF-compatible stream.
Log events reach the security operations center through the audit log event stream (see logging) produced by SeaCat Server.
Audit log events comply with the Common Event Format (CEF) standard.
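The two pieces the SOC side has to get right are parsing the CEF stream correctly (including its escaping rules) and expressing a correlation rule over the parsed events. The following is an added example, not SeaCat's own code or event catalogue: it parses constructed CEF lines and runs one illustrative rule (three authentication failures from the same source inside a 60-second window). The vendor and product names, the signature IDs such as AUTH_FAIL, and the extension keys in the sample lines are placeholders chosen for this example; the timestamp format used in the rt field is one of the formats CEF permits, assumed here for readability.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log lines in CEF format. Vendor, product, signature
# IDs and extension keys are placeholders for this example, not SeaCat's real
# event catalogue. The last two lines exercise escaping: "\=" inside an
# extension value and "\|" inside a header field.
SAMPLE_CEF_LINES = [
    "CEF:0|ExampleVendor|ExampleGateway|1.0|AUTH_FAIL|Client authentication failed|5|"
    "rt=Jan 01 2024 09:50:00 src=203.0.113.7 suser=alice",
    "CEF:0|ExampleVendor|ExampleGateway|1.0|AUTH_FAIL|Client authentication failed|5|"
    "rt=Jan 01 2024 10:00:01 src=203.0.113.7 suser=alice",
    "CEF:0|ExampleVendor|ExampleGateway|1.0|AUTH_OK|Client authenticated|2|"
    "rt=Jan 01 2024 10:00:03 src=198.51.100.2 suser=bob",
    "CEF:0|ExampleVendor|ExampleGateway|1.0|AUTH_FAIL|Client authentication failed|5|"
    "rt=Jan 01 2024 10:00:05 src=203.0.113.7 suser=alice",
    "CEF:0|ExampleVendor|ExampleGateway|1.0|AUTH_FAIL|Client authentication failed|5|"
    "rt=Jan 01 2024 10:00:09 src=203.0.113.7 suser=alice msg=cert\\=expired",
    "CEF:0|ExampleVendor|ExampleGateway|1.0|CFG_CHANGE|Policy \\| rule updated|3|"
    "rt=Jan 01 2024 10:01:00 src=192.0.2.10 suser=admin",
]

CEF_HEADER_FIELDS = ("version", "device_vendor", "device_product",
                     "device_version", "signature_id", "name", "severity")
CEF_RT_FORMAT = "%b %d %Y %H:%M:%S"  # assumed rt layout for the sample lines

_HEADER_SPLIT = re.compile(r"(?<!\\)\|")                 # pipe not preceded by backslash
_EXT_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")  # key= at start or after whitespace


def _unescape_header(value):
    return value.replace("\\|", "|").replace("\\\\", "\\")


def _unescape_extension(value):
    return value.replace("\\=", "=").replace("\\n", "\n").replace("\\\\", "\\")


def parse_cef(line):
    """Parse one CEF line into its seven header fields plus an 'extension' dict."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line: %r" % line[:20])
    # At most 7 splits: everything after the seventh pipe is the extension.
    parts = _HEADER_SPLIT.split(line[len("CEF:"):], maxsplit=7)
    if len(parts) < len(CEF_HEADER_FIELDS):
        raise ValueError("CEF header must have 7 pipe-delimited fields")
    event = {name: _unescape_header(value)
             for name, value in zip(CEF_HEADER_FIELDS, parts)}
    if event["severity"].isdigit():
        event["severity"] = int(event["severity"])
    # Extension values may contain spaces, so each value runs up to the next key=.
    ext_text = parts[7] if len(parts) == 8 else ""
    keys = list(_EXT_KEY.finditer(ext_text))
    extension = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext_text)
        extension[m.group(1)] = _unescape_extension(ext_text[m.end():end].strip())
    event["extension"] = extension
    return event


def event_time(event):
    return datetime.strptime(event["extension"]["rt"], CEF_RT_FORMAT)


def correlate_auth_failures(events, threshold=3, window=timedelta(seconds=60)):
    """Alert when `threshold` AUTH_FAIL events from one source fall within `window`.

    Events are processed in time order. Per source, timestamps older than the
    window are discarded before counting, and the history is cleared after an
    alert so one burst yields one alert rather than one per extra failure.
    """
    alerts = []
    recent = defaultdict(list)
    for ev in sorted(events, key=event_time):
        if ev["signature_id"] != "AUTH_FAIL":
            continue
        src = ev["extension"].get("src", "unknown")
        now = event_time(ev)
        recent[src] = [t for t in recent[src] if now - t <= window] + [now]
        if len(recent[src]) >= threshold:
            alerts.append({"src": src, "count": len(recent[src]),
                           "first": recent[src][0], "last": now})
            recent[src] = []
    return alerts


def analyze(lines):
    events = [parse_cef(line) for line in lines]
    return events, correlate_auth_failures(events)


if __name__ == "__main__":
    _, found = analyze(SAMPLE_CEF_LINES)
    for alert in found:
        print("ALERT %(count)d auth failures from %(src)s between %(first)s and %(last)s" % alert)
```

Note that the failure at 09:50:00 is deliberately outside the window, so the rule fires only once the three failures between 10:00:01 and 10:00:09 are seen; a counter without the sliding window would have fired one event earlier and miscounted. The parser treats an escaped backslash followed by a real pipe (`\\|`) as an escaped pipe, which is a known simplification; a production SIEM connector should tokenize escapes left to right.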