Enhance your SIEM with User Activity Video Logs
ObserveIT dramatically enhances any SIEM or log management application by incorporating video playback of user sessions directly into the SIEM console. This combination provides a number of important benefits:
- Add user session data to SIEM dashboards and reports – including lists of every application run, pie charts showing active users/servers and even detailed listings of specific user actions, all linked directly to video recordings of user sessions
- Correlate system log data with user activity data – with detailed user activity drill-down and one-click access to the relevant portion of any recorded session video, for a much better understanding of what was done by any user on any server in any application
- Fill in SIEM logging gaps – for applications without any built-in logging (including legacy, bespoke, commercial and cloud applications), plus all system areas, on Windows, UNIX and Linux machines accessed via any connection method (direct console, SSH, Telnet, Remote Desktop, etc.)
- Improve regulation compliance and reduce security auditing costs – without the need for complex research and correlation projects, by instantly finding any user action and playing back relevant portions of recorded session videos
Instant Video Replay of Any User Action
Imagine this: Your SIEM dashboard alerts you to a potential security incident. Instead of trying to piece together what the user did by drilling down into system logs, you can simply click the Play Video button and see exactly what the user did!
Open Integration Architecture
Read on to learn how ObserveIT's open architecture allows for a straightforward integration with SIEM systems and log analysis tools such as:
- Splunk
- CA User Activity Reporting Module (UARM)
- HP ArcSight
- RSA enVision
- QRadar
- LogLogic
- LogRhythm
Splunk with User Activity Logs
Event details are dashboarded across a standard Splunk timeline, with event listings showing exactly what applications, URLs, files and system calls the user touched. A video replay icon is available for each specific user action, allowing you to launch the video replay at the exact moment in time that the user did that action. Download a trial version of the ObserveIT Connector for Splunk.
ArcSight with User Activity Logs
The ArcSight Console shows detailed listings of every user action, including apps run, files touched, titles of windows opened and more. Right-clicking on any action launches a video replay at that action.
CA UARM with User Activity Logs
ObserveIT's video and text logs have been integrated tightly with CA's Access Control platform, with ties into many CA products. With UARM, full ObserveIT dashboard integration provides text log details, breakdown pie charts and one-click video replay at the moment of any action of interest. The CA integration is available directly from CA as a CA line-item product.
RSA enVision with User Activity Logs
All ObserveIT session activity logs are viewable within RSA enVision, including filtering and search based on detailed user activity logging. Each log item can be tied to its video replay. For more information on integrating ObserveIT with enVision, refer to EMC's RSA enVision Ready Implementation Guide.
Integration Architecture
Integrating ObserveIT with a SIEM typically involves integration on two levels: textual activity log (metadata) integration and session video replay integration.
Activity Log Integration
Use your data collector mechanism for importing log data from ObserveIT. ObserveIT's user activity metadata logs can be accessed in one of two ways: either via direct SQL access or via real-time log file polling. Each of these methods accesses the data source directly, without Web service or API calls.
- SQL Integration
- Log File Integration
Video Replay Integration
Unlike the activity log metadata, the video data is typically stored within ObserveIT's own server, both because of the custom playback functionality ObserveIT provides and because the data load is considered too heavy to continuously add to the SIEM database.
The video replay is available as a single HTTP target even if the ObserveIT database is federated across multiple local installations. The calling application does not need to be aware of the actual video storage location.
ObserveIT-SIEM Integration Webinar
Watch the following webinar for more detail about integrating ObserveIT's unique user activity logging and session recording into your SIEM system: