The tool analyzes all event messages to identify patterns of attack, filters out false positives and prioritizes critical events. Incident information is accessible from nearly all screens within the LOG Storm GUI. This product improves the quality of alerts by incorporating vulnerability data into its correlation technology - allowing alert administrators to better determine if the monitored assets are vulnerable to certain threats. Another interesting feature is its behavior-based analytics aiding in the identification of new attacks that follow similar patterns to past attacks, but use different types of connections that attempt to bypass signature-based countermeasures.
The workflow management functions provide best-practice recommendations for remediation, mitigation, centralized case tracking and automated notification, so incident response personnel know what to do and administrators have clear insight into the actions of their team. LOG Storm provides an array of reports to aid in investigating incidents and preparing for audits, including the standard compliance package.
Log Storm was delivered to our lab as an appliance, along with "Initial Setup" and "Quick-Start" guides. Following the instructions provided by BlackStratus made the application configuration go well. Identifying networks and registering assets was simple. Adding systems and devices was straightforward, and we were impressed with the list of agent types that were available. The dashboard was fairly easy to navigate. It took some time to learn the features under each tab. The help function was easy to read and the instructions for most tasks were simple to follow. There was a bit of trouble trying to create the desired "Custom Rules" to use for the testing. We did not find a way to create keywords inside the rules. The intention was to generate an alert trigger and an incident for detection of common hacker tools that were downloaded and used on the network. However, it should be noted that the "System Rules" were easy to set up and modify.
Support is divided into multiple tiers beginning with 24/7/365 no-cost service during the product's trial period. Pay for services options include three levels: platinum, gold and standard. All three includes virtual helpdesk and troubleshooting information online, software and signature updates, expert help for managing security incidents, and delivery of new agents as they become available. Platinum provides 24/7/365 live phone support; gold provides 9 a.m. to 6 p.m. (EST) live telephone support, seven days; and standard provides 9 a.m. to 6 p.m. live telephone support, Monday to Friday. In addition, BlackStratus provides assistance from the company's website: a product knowledge base and a FAQ. The costs for the respective options are based on a percentage of the list price: standard: 20 percent, gold: 25 percent, and platinum: 30 percent. Overall, this product is properly priced and a value for an entry point into SIEM.
This is a quality product with great potential.