Threat Intelligence Data Analytics


EventLog Analyzer supports log data from threat intelligence solutions such as Symantec Endpoint, Symantec DLP, and FireEye. The solution provides out-of-the-box reports and alert conditions that help detect and mitigate external security threats as early as possible. The predefined reports can be exported in various formats (PDF, CSV, and HTML). Report generation can also be automated using the Schedule report option. The report groups are:


How to add a threat intelligence solution

Go to Settings > Configurations > Threats > Add Source

  1. Associate the device on which the threat intelligence solution is installed. Logs will be collected or imported from this device.
  2. Select the type of application: FireEye, Symantec Endpoint solution, or Symantec DLP application.
Note: The device you are associating must already have been added. If it has not, add the respective device first and then associate it with the threat intelligence solution.

Configuring McAfee

To configure McAfee in EventLog Analyzer, please follow the steps below.


FireEye Log Data Analytics


The reports provide information on: 


It also provides reports that give information on top:


Symantec Endpoint Solution Log Analytics


The reports provide information on:


EventLog Analyzer also provides reports on top:


Symantec DLP Application Reports


The reports provide information on top:

An overview report is also provided.


Malwarebytes Reports


The reports provide information on:

A sample report is also provided.


CEF format Reports
