Version: 3.25

SIEM

Introduction

The senhasegura solution collects detailed information and events from the environment. These events and information can be sent to Security Information and Event Management (SIEM) solutions, also known as security event management and correlation platforms.

Objective

The purpose of this section is to assist users with administrator privileges to configure senhasegura environment monitoring for incident detection and notification via email, screen, SMS, and messaging protocols.

Operation

The senhasegura monitoring system collects information about the aspects of the environment being monitored and transmits it by various means, such as SMS, instant messaging, e-mail and ticket opening. The monitoring module covers a range of solution metrics, from table identifier information to running robots.

SIEM solutions enable the organization's Information Security administrators to view and track activities in the IT environment by collecting the log data generated by the senhasegura solution.

From this log data, the SIEM solution identifies, categorizes, and analyzes incidents and events, reports security incidents as potential malicious activity, and raises alerts whenever a potential security threat is detected, according to the rule set configured in the environment.

Some of the alerts that can be sent by senhasegura include: authentication of a user on the appliance, remote login to a device, senhasegura server malfunctions, or password expiration.

senhasegura is compatible with the most widely used SIEM tools on the market, and supports messaging in CEF, Syslog (RFC 5424) and Sensage formats.

About messages in CEF format

CEF is a message format designed to standardize information delivery to SIEM. The message header is filled as follows:

  • Version: CEF:0

  • Device Vendor: MT4

  • Device Product: senhasegura

  • Device Version: senhasegura Version

  • Signature ID: Event Type ID

  • Name: Event Type Name

  • Severity: 10 - event type criticality

In addition, the extension part of the message carries the event's field values together with a msg key that holds the event message text.

About messages in RFC5424 format

In this mode, syslog messages are sent according to RFC 5424. The fields are set to the following values:

  • priority: according to event type

  • facility: 1 (user)

  • App: senhasegura

  • procid: PID of the current process

  • message: event message
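The following is an added example of how a SIEM receiver would normalize both message formats described above (the CEF header layout and the RFC 5424 field assignments) into one event record; it is not senhasegura's own code. The two sample lines are constructed from the field lists in this section, and the concrete values in them (version 3.25, signature ID 1001, host names, user name, PID 4242, the PRI of 9 derived from facility 1 and severity 1) are assumptions for illustration, not captured output.

```python
"""Normalize senhasegura SIEM messages (CEF and RFC 5424 syslog) into one record.

Added example written from the SIEM-receiver side; not senhasegura's own code.
The sample lines are constructed from the header layouts described in the
documentation; version, signature ID, host, user and PID values are assumed.
"""
import re
from dataclasses import dataclass, field

# Constructed CEF sample: CEF:0|Vendor MT4|Product senhasegura|Version|Signature ID|Name|Severity|extension
SAMPLE_CEF = (
    "CEF:0|MT4|senhasegura|3.25|1001|Remote login to device|5|"
    "suser=jdoe dhost=db01.example.internal msg=User jdoe started a remote session"
)
# Constructed RFC 5424 sample: PRI 9 = facility 1 (user) * 8 + severity 1; APP-NAME senhasegura; PROCID assumed
SAMPLE_SYSLOG = (
    "<9>1 2024-01-15T10:32:00Z pam01 senhasegura 4242 - - "
    "User jdoe authenticated on the appliance"
)

# Abbreviated facility table from RFC 5424 section 6.2.1
SYSLOG_FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth"}


@dataclass
class Event:
    source_format: str          # "cef" or "syslog"
    vendor: str
    product: str
    version: str
    event_id: str               # CEF Signature ID or syslog MSGID
    name: str
    severity: int               # CEF: 0-10; syslog: 0-7 (0 is most severe)
    message: str
    fields: dict = field(default_factory=dict)


_CEF_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")
# key=value pairs; values may contain spaces, so stop only before the next " key=" or at end of line
_CEF_EXT_PAIR = re.compile(r"(\w+)=((?:\\.|[^\\])*?)(?=\s+\w+=|\s*$)")
_SYSLOG_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+) ?(?P<msg>.*)$",
    re.DOTALL,
)


def _cef_unescape(value: str) -> str:
    # CEF escapes "|" in the header and "=" / "\" in extension values with a backslash
    return re.sub(r"\\(.)", r"\1", value)


def parse_cef(line: str) -> Event:
    # The header is seven pipe-separated fields; everything after the seventh pipe is the extension
    parts = _CEF_UNESCAPED_PIPE.split(line, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF:<version> message with seven header fields")
    head = [_cef_unescape(p) for p in parts[:7]]
    ext = {k: _cef_unescape(v) for k, v in _CEF_EXT_PAIR.findall(parts[7])}
    return Event(
        source_format="cef",
        vendor=head[1], product=head[2], version=head[3],
        event_id=head[4], name=head[5], severity=int(head[6]),
        message=ext.get("msg", ""), fields=ext,
    )


def parse_syslog(line: str) -> Event:
    m = _SYSLOG_LINE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 syslog line")
    facility, severity = divmod(int(m["pri"]), 8)   # PRI = facility * 8 + severity
    return Event(
        source_format="syslog",
        vendor="", product=m["app"], version="",
        event_id=m["msgid"], name="", severity=severity,
        message=m["msg"],
        fields={"facility": SYSLOG_FACILITIES.get(facility, str(facility)),
                "procid": m["procid"], "host": m["host"], "timestamp": m["ts"]},
    )


def parse_event(line: str) -> Event:
    """Route one received line to the right parser by its leading token."""
    if line.startswith("CEF:"):
        return parse_cef(line)
    if line.startswith("<"):
        return parse_syslog(line)
    raise ValueError("unrecognised message format")


def is_from_senhasegura(ev: Event) -> bool:
    # Vendor MT4 / product senhasegura in CEF; APP-NAME senhasegura in syslog (per the field lists above)
    return ev.product == "senhasegura" and ev.vendor in ("MT4", "")


if __name__ == "__main__":
    for raw in (SAMPLE_CEF, SAMPLE_SYSLOG):
        ev = parse_event(raw)
        print(ev.source_format, ev.event_id, ev.severity, ev.message, is_from_senhasegura(ev))
```

The syslog branch keeps the facility/severity split explicit because a receiver filtering on "facility 1 (user)" has to decode it from PRI rather than read it from a named field; the CEF branch splits only on unescaped pipes so an event name containing an escaped `\|` is not mistaken for a header boundary.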