nuSIEM is the only solution needed for advanced logging, log archiving, and content archiving. Supporting popular firewalls, switches, routers, and load balancers along with Windows/Linux servers, applications, and other network devices, nuSIEM is able to perform fully normalized and correlated event processing. Furthermore, it can provide basic normalized data structures for custom data types from just about any source – including reading files locally on a system.
Secured Log Reception & Transport
nuSIEM receives logs through an encrypted, secure tunnel. As the logs are received, nuSIEM timestamps them and creates unique 160-bit SHA-1 hashes of the log data to provide a forensically sound fingerprint.
Live Data Storage
nuSIEM's primary data source for reports is the live data store. The live and reportable data is set based upon the service selected at the time of device provisioning.
Archived Compressed Data Storage
nuSIEM's archived, compressed data storage allows for long-term secure storage of logs which have moved past the live data retention level configured for a device. The archived data store is set during device provisioning. In the event an incident is identified and reporting is required for data held within the archived compressed data store, data can be remounted into the live data store.
The nuSIEM agent is a high-performance, multi-platform log collection and transport solution. The agent supports many different operating systems such as Linux (Debian, Red Hat, Ubuntu), BSD, HP-UX, IBM AIX, Solaris, Android and Microsoft Windows. The agent is very fast and extremely lean on system resources. Log messages can be buffered in memory or on disk in order to avoid losing messages. nuSIEM also supports different protocols on the network and transport layers such as TCP, UDP, TLS/SSL and domain sockets.