Log Analysis System (LAS)

Intelligent Collection, Efficient Analysis


Introduction

QAX Log Collection and Analysis System (LAS) collects, in real time, the logs and events of security devices, network devices, hosts, operating systems, database systems, and user business systems from different vendors into a central audit point. It normalizes logs and events for further correlation analysis and behavioral analysis, helping managers and analysts identify security incidents in a timely manner through a unified dashboard, reports, and dynamic display.

Features

•  Log Collection

The system supports passive acquisition by protocols such as Syslog, Syslog-NG, SNMP Trap, Netflow, etc., active acquisition by file reading, log proxy, etc., and interactive acquisition by API, JDBC, WMI, etc.

•  Event Analysis

The system provides powerful mixed search capabilities: users can search not only the normalized fields of parsed logs but also the full text by keyword, combining normalization-based log analysis with full-text-index-based log search.

•  Correlation Analysis

The correlation analysis engine is edited visually. Users construct complex correlation rules by combining operators such as 'with', 'or' and 'not' over different fields, and the system supports statistical, logical and temporal correlation. It also supports correlation across multiple event sources through multi-rule nesting and other methods.

•  Log Normalization

Logs are categorized by severity level, and their content is enriched and complemented. The system retains the normalized logs alongside the original logs, so users can quickly locate the original log for forensics. Intelligent normalization improves the efficiency of log parsing and data processing, making log auditing more concise.
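To make the two preceding points concrete (normalization that keeps the raw line, and correlation rules built from 'with'/'or'/'not' combinators plus a temporal count threshold), here is an added, self-contained illustration. It is not LAS code: the log lines are constructed samples, and the field names, rule combinators and `temporal_count` routine are my own assumptions about how such an engine can be modelled.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines (not real device output).
RAW_LOGS = [
    "2024-01-01T10:00:01 fw01 sshd: Failed password for root from 10.0.0.5",
    "2024-01-01T10:00:20 fw01 sshd: Failed password for root from 10.0.0.5",
    "2024-01-01T10:00:45 fw01 sshd: Failed password for admin from 10.0.0.5",
    "2024-01-01T10:00:50 fw01 sshd: Accepted password for ops from 10.0.0.9",
    "2024-01-01T10:05:00 fw01 sshd: Failed password for root from 10.0.0.7",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+): (?P<msg>.*)$")
SSH_RE = re.compile(r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")

def normalize(raw):
    """Map one raw line to normalized fields; the original line is always kept as 'raw'."""
    m = LINE_RE.match(raw)
    if not m:
        return {"raw": raw, "event_type": "unparsed"}
    ev = {"raw": raw, "ts": datetime.fromisoformat(m["ts"]), "host": m["host"]}
    s = SSH_RE.search(m["msg"])
    if s:
        outcome = "auth_failure" if s["outcome"] == "Failed" else "auth_success"
        ev.update(event_type=outcome, user=s["user"], src_ip=s["src"])
    else:
        ev["event_type"] = "other"
    return ev

# Rule combinators over field predicates: 'with' (conjunction), 'or', 'not'.
def field(name, value): return lambda ev: ev.get(name) == value
def with_(*ps): return lambda ev: all(p(ev) for p in ps)
def or_(*ps): return lambda ev: any(p(ev) for p in ps)
def not_(p): return lambda ev: not p(ev)

def temporal_count(events, match, key, threshold, window):
    """Temporal/statistical correlation: alert when >= threshold matching events share `key` within `window`."""
    alerts, buckets = [], {}
    for ev in sorted((e for e in events if match(e)), key=lambda e: e["ts"]):
        hits = [t for t in buckets.get(ev[key], []) if ev["ts"] - t <= window] + [ev["ts"]]
        buckets[ev[key]] = hits
        if len(hits) >= threshold:
            alerts.append({"key": ev[key], "count": len(hits), "last_raw": ev["raw"]})
            buckets[ev[key]] = []  # reset so one burst yields a single alert
    return alerts

def run():
    events = [normalize(line) for line in RAW_LOGS]
    rule = with_(field("event_type", "auth_failure"),
                 or_(field("user", "root"), field("user", "admin")),
                 not_(field("src_ip", "10.0.0.9")))
    return temporal_count(events, rule, "src_ip", 3, timedelta(seconds=60))
```

Each alert carries the raw line that triggered it, which is the property the normalization paragraph describes: the analyst can pivot from the normalized alert back to the original record.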

•  Dashboard

Users can quickly obtain the overall security status of the enterprise and organization, with real-time security information in different dimensions, such as trend of total events, device IP distribution, device type distribution, event type distribution, event severity distribution and last 24 hours alerts, etc.

•  Reports

The system provides comprehensive report management, with predefined reports for various servers, network devices, firewalls, intrusion detection systems, anti-virus systems, endpoint security management systems, databases, policy modifications, traffic, and device event trends, all of which can be customized to practical needs.

Values

•  Comprehensive Log Collection and Data Governance

Using machine learning, the system provides visual generalization capability and is able to extend log attribute fields. All fields can take part in correlation analysis, search statistics and reports.

•  Precise Tracing and Positioning

The system provides a continuously updated global geographic database. It assists auditors in managing intranet IP locations, making both intranet and Internet IP locations precise, and uses a map to dynamically show the tracing situation, improving working accuracy and efficiency.

•  Strong Interactive Analysis

A variety of visual analysis components help users to analyze the search results. The event visualization graphically presents the process of event normalization and correlation analysis, visualizing the interactions between events.

•  Rich API Interfaces

Users can integrate third-party systems through the secondary development interfaces: for example, the authentication interface for authentication, or the data interface to obtain the security alerts found by the log audit system and various compliance reports.

•  Flexible Deployment

The product is available in software and hardware versions. The software version supports a variety of deployment methods, such as physical servers and virtual machines, while a range of hardware models meets different log processing performance requirements. The system supports single-node, distributed multi-node and hierarchical deployment modes.