The Bsafe/Cross-Platform AuditTM is an enterprise security information and event management system (SIEM), aimed at organizations running computer systems from many different platforms. The CPA consolidates platform-specific audit events and makes them available to auditors and administrators in an intuitive and easy-to-use interface. It does this while maintaining a high level of granularity to filter events by platform-specific characteristics.
The CPA lets you monitor the activity of a user across different computers on different platforms and present that activity on screen in event log and graphical format.
The Platforms:
- IBM i
- IBM Mainframe
- Windows
- SQL Server
- Unix/AIX
- Linux
The Bsafe/Cross-Platform Audit logs raw transaction data and, through a variety of online filtering, reporting and dashboard tools, provides meaningful information that can give valuable insight to the organization. It has the ability to monitor activity on all the organization's computers and analyze it in a consolidated manner. For example, a user in an enterprise application might execute a series of transactions across different platforms - something which doesn't draw interest when looked at on the level of one computer but could be seen in a different light when the entire audit trail is examined.
Using the CPA, system activity and user behavior can be analyzed as a consolidated chain of actions executed across different computers. The global users function allows tracking of a user's trail under various user IDs they have used on different computers and platforms.
How it Works
The CPA monitors and collects security audit events as they occur on each computer. There, they can be viewed and sorted directly and are made ready to transfer to the consolidated central data repository when requested.
The importing of audit data from each computer to the central data repository can be executed at any time and also be scheduled to take place at pre-defined days and times. You have the flexibility to specify specific groups of audit events for import.
The audit events imported from the different platforms are stored in the CPA in a uniform format so they can be filtered, reviewed and analyzed as if they originated on the same computer.
Main Features
Multiple Event Types: Including system events, field-level data before and after change, user actions, policy deviations, TCP/IP events, SQL statements, object-specific events and more.
CPA Alert Center: Set up alerts that can be triggered when selected events are identified, based on specific event parameters. Alert events can be set to trigger notifications by email, screen pop-up and by routing the message to Syslog by specifying the IP address of a Syslog host.
SOC: A graphical tool for the analysis of security audit events, trends and incidents (see detail later, in this document).
Audit Policy Management: Define the types of events to be logged by your computers.
Compliance Tools: Create template-based compliance policies with deviation checking and repair options. Ready-defined reports, alerts and templates for compliance.
