Graphic Airlock Secure Acces Hub

SIEM integration

Airlock makes security visible

The Secure Access Hub is located in the middle of your data flow and knows all details of accesses and security-relevant events. This information is stored in a highly scalable Elasticsearch database and can be explored in Airlock Reporting using various dashboards or user-created visualisations. Whether for troubleshooting or forensic analysis, Airlock has the answer!

Logging and reporting

Airlock guarantees the security of all your data. The Secure Access Hub provides a state-of-the-art logging system to ensure that administrators have an overview of what is going on with their applications. The standardised log format with key-value semantics forms a solid basis for effective troubleshooting, simple reporting and seamless SIEM integration. The well-organised log viewer offers a powerful query language, flexible filters and a dynamic display of relevant data as well as several predefined searches.

Airlock Reporting is integrated with the log viewer and ensures that the forest is still clearly visible despite the many trees, for example, with predefined interactive dashboards to analyse attacks, performance or application problems, and to view various statistics.

User-defined visualisations can easily be created and stored. When drilling down from an unexpected fluctuation in the dashboard to the loglines that expose the source of the issue, you can flexibly switch back and forth between the log viewer and reporting views.

Specialised helpdesk functions

Helpdesks face unique challenges: they must be able to identify the problem immediately while on the phone with the customer and find a solution with just a few clicks. That's why Airlock user management features an activity log for each user, which displays all relevant actions and events for each individual. Helpdesk employees have important information available to them at all times where it is most needed. The advantage? The caller's request can be dealt with in a targeted manner, without wasting time.

Connecting to SIEM solutions

No man is an island and neither is Airlock. In order to provide peripheral systems and SIEM solutions directly with relevant information about application access, Airlock supports the forwarding of events in common formats. For example, Airlock supports JSON as a format for log forwarding and is CEF (Common Event Format) certified, which allows easy integration into most SIEM products.

For Splunk there is also an in-house Airlock Splunk app available, which makes dashboards from Airlock Reporting available for Splunk environments. 

 

 

SIEM integration highlights:

  • Comprehensive logging and reporting for users
     
  • CEF-certified
     
  • Supports JSON for log forwarding
     
  • Simple integration of SIEM systems
     
  • Integration into Splunk, Logpoint, ArcSight
     
  • Airlock app for Splunk

Ready for excellent IT security?

Contact us now.
Ergon Informatik AG+41 44 268 87 00

Information for you

-Our whitepaper-

IT-security solutions

Digitalisation is presenting businesses with new challenges which go far beyond information technology. This primarily relates to an aspect which is becoming increasingly important: IT security.

Read our whitepaper to find out how IT-Security will become the pioneer of degitalization.

Request free of charge

Accelerate digitisation

To stay technically viable in this digital transformation, you must increasingly switch to hybrid cloud environments. This requires new security approaches as well as coordinated identity and access management.

Find out more in our whitepaper in collaboration with Deloitte, eperi and SHE.

Request free of charge

OWASP Top 10 for API Security

OWASP has created a new Top10 list for API Security. The top 10 listed reflect a broad consensus on what the most important API security issues are at the moment.

In our whitepaper you will learn how our Airlock API addresses the OWASP Top 10.

Request free of charge