July 12, 2016

What we offer

  1. LOG MANAGEMENT – Support in establishing a log management concept to:
    • Enable logging on relevant devices on multiple networking levels
    • Enable log data collection via state-of-the-art protocols (e.g., rsyslog)
    • Deploy a centralized log store (e.g., Graylog2) and/or connect log streams to AMiner

  2. AMiner – Module to discover anomalies in log data streams
    • Manual model development and configuration to enable log line parsing for individual systems
    • Manual rule definitions to characterize system behavior (whitelisting)
    • Basic correlation of events across system borders
    • Reporting of deviations via e-mail
    • Licensed under the GNU GPLv3 – available via Launchpad or Debian's apt-get
    • Feature-compatible with, and a more powerful alternative to, the tool logcheck

  3. ÆCID TOOL – Suite for automatic configuration, optimization and orchestration of distributed log data analysis
    • Automatic model development and adaptation to individual system setups (self-learning with minimum human effort)
    • Semi-automatic rule generation and continuous recommendations to human operators
    • Event parsing, identification and classification in large-scale networks by orchestrating multiple AMiner instances
    • Advanced correlation of events across large systems, achieved through automatic adaptation to individual system setups
    • Reporting of anomalies through multiple channels for alerting or SIEM integration, e.g. via mail or syslog, or through a customizable configuration for proprietary interfaces
    • Individual licensing – on request

  4. ÆCID CONSULTING – On-site support for AMiner setups and ÆCID through AIT experts
    • On-site deployment support
    • Fully customized model development for event classification with maximum accuracy
    • Supervision of ÆCID’s performance and periodic re-configuration through AIT experts
    • Integration support for AMiner and ÆCID in individual customer system setups
    • Interface integration, development of customer-specific adapters or detectors
    • Assistance in improving incident handling procedures and quality management, e.g. for ISO 27000 certification