The Secure Access Hub is located in the middle of your data flow and knows all details of accesses and security-relevant events. This information is stored in a highly scalable Elasticsearch database and can be explored in Airlock Reporting using various dashboards or user-created visualisations. Whether for troubleshooting or forensic analysis, Airlock has the answer!
Logging and reporting
Airlock guarantees the security of all your data. The Secure Access Hub provides a state-of-the-art logging system to ensure that administrators have an overview of what is going on with their applications. The standardised log format with key-value semantics forms a solid basis for effective troubleshooting, simple reporting and seamless SIEM integration. The well-organised log viewer offers a powerful query language, flexible filters and a dynamic display of relevant data as well as several predefined searches.
Airlock Reporting is integrated with the log viewer and ensures that the forest is still clearly visible despite the many trees, for example, with predefined interactive dashboards to analyse attacks, performance or application problems, and to view various statistics.
User-defined visualisations can easily be created and stored. When drilling down from an unexpected fluctuation in the dashboard to the loglines that expose the source of the issue, you can flexibly switch back and forth between the log viewer and reporting views.
Specialised helpdesk functions
Helpdesks face unique challenges: they must be able to identify the problem immediately while on the phone with the customer and find a solution with just a few clicks. That's why Airlock user management features an activity log for each user, which displays all relevant actions and events for each individual. Helpdesk employees have important information available to them at all times where it is most needed. The advantage? The caller's request can be dealt with in a targeted manner, without wasting time.
Connecting to SIEM solutions
No man is an island and neither is Airlock. In order to provide peripheral systems and SIEM solutions directly with relevant information about application access, Airlock supports the forwarding of events in common formats. For example, Airlock supports JSON as a format for log forwarding and is CEF (Common Event Format) certified, which allows easy integration into most SIEM products.
For Splunk there is also an in-house Airlock Splunk app available, which makes dashboards from Airlock Reporting available for Splunk environments.
SIEM integration highlights:
- Comprehensive logging and reporting for users
- Supports JSON for log forwarding
- Simple integration of SIEM systems
- Integration into Splunk, Logpoint, ArcSight
- Airlock app for Splunk