- Large Sizes. Event log data are often very large, which makes them unwieldy for direct analysis; they need processing and transformation before they can be handled efficiently.
- Insufficient Indexing and Structuring. Event log data usually lack adequate indexing and structure, which makes it hard to extract valuable insights from them. Proper indexing and structuring are crucial for meaningful UBAM.
- Disparate Timestamps, Formats, and Types. Event log data vary in timestamp conventions, formats, and types across sources. This heterogeneity is an obstacle to seamless integration and analysis.
Cybersecurity AI Solution
AI AEGIS Lab Cybersecurity Solution is made of integrated components that collect all cybersecurity data from logs and applications and feed them into multi-layered AI machines. These machines model the behavior of every entity and process across your digital landscape and identify insider threats, whether they come from trusted users or from intruders.
Sample Log File Types AI AEGIS Uses for UBA
User account and access logs cover user login attempts and failures, privilege escalation, session duration, password changes, account creation and deletion, login geolocation, multiple logins, removable device connections, etc.
Web and Internet service logs group features associated with web and other internet-based services such as SMB, email, FTP, HTTP and HTTPS: request methods and URLs, response codes and status, request and response headers, request and response payload sizes, rate of API calls, session information (creation, expiration and termination times), security data such as the SSL/TLS protocol versions in use, access control mechanisms, and more.
Web and Internet services also cover a broad spectrum of actions involving both local and database-stored data, such as file modification, creation, deletion, upload and download, database queries and transactions, data encryption or decryption, volume of transferred files, changes in file permissions, and data and file access patterns.
System and resource metrics are a wide range of measurements such as CPU and memory usage and load, disk read and write rates, system uptime and downtime, and more.
Network activity events include connections and disconnections (attempts, successes and failures), incoming/outgoing packets, traffic volume and patterns, ports and protocols in use, firewall events (pass, reject, …), firewall rule modifications, ingress and egress points, etc.
App and process activity events relate to processes occurring within a machine, such as the execution and termination of apps and processes, changes in the list of startup apps, application-specific errors or crashes, and exceptions raised by each app.
Security platform logs come from a wide range of platforms, e.g., monitoring tools, firewalls, antivirus products, intrusion detection software, or a source IP banned after exceeding the allowed number of login failures.
User-defined logs include logs generated by less common apps, third-party apps, or custom-built apps, business transaction logs, custom application-specific logs, and more.