Once a log message is ingested and processed, the information it contains is parsed into searchable, indexed fields, making the log easier and faster to analyse. CALM provides a search interface that enables organisations to quickly interrogate and drill into logs from one or more devices within specified time windows. This supports fast troubleshooting and investigation of security incidents, reducing response and remediation times.
With an advanced log management capability, CALM security rules can be defined that give organisations the ability to proactively identify threats and respond before any damage has occurred. The CALM log processing engine correlates events and enriches logs as they enter the platform. This adds context to logs, such as the location of the activity, the username, related threats and the devices involved, which might otherwise have to be looked up manually.
With a native threat intelligence feed from CTC, CALM is updated with current threats every minute, and all logs are analysed for Indicators of Compromise (IoCs). The IoC types CALM identifies include IP addresses, domains, URLs, filenames and file hashes. With CTC, CALM enables organisations to identify threats automatically and proactively, and the CTC cloud interface also provides a threat investigation capability for faster forensic investigations.
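To illustrate the parse-enrich-match pipeline described above (fields extracted from each log line, a derived domain added as enrichment, and every indicator field checked against a feed of IPs, domains, URLs, filenames and hashes), here is an added example; it is not CALM or CTC code, and the feed values, field names and log lines are all constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed threat-intelligence feed; every value is a placeholder,
# not a real indicator. A live feed would refresh this mapping.
IOC_FEED = {
    "ip": {"203.0.113.42"},
    "domain": {"bad.example"},
    "url": {"http://bad.example/payload.bin"},
    "filename": {"invoice.pdf.exe"},
    "sha256": {"a" * 64},
}
# Assumed mapping from parsed field names to the indicator type they carry.
FIELD_TYPES = {"src_ip": "ip", "dst_ip": "ip", "host": "domain",
               "url": "url", "file": "filename", "sha256": "sha256"}
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_log(line):
    """Turn a key=value log line into a dict of searchable fields."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def match_iocs(fields, feed=IOC_FEED):
    """Return (ioc_type, field, value) for every field that hits the feed."""
    hits = []
    for name, ioc_type in FIELD_TYPES.items():
        value = fields.get(name)
        # Case-insensitive match so upper-case hashes still hit the feed.
        if value is not None and value.lower() in feed[ioc_type]:
            hits.append((ioc_type, name, value))
    # Enrichment: a URL also yields a domain, which may itself be listed.
    host = urlsplit(fields.get("url", "")).hostname
    if host and host.lower() in feed["domain"]:
        hits.append(("domain", "url.host", host))
    return hits

def process(lines, feed=IOC_FEED):
    """Parse each line and attach its IoC matches under 'ioc_hits'."""
    events = []
    for line in lines:
        event = parse_log(line)
        event["ioc_hits"] = match_iocs(event, feed)
        events.append(event)
    return events

# Constructed sample log lines (RFC 5737 test addresses, placeholder hash).
LOG_LINES = [
    "ts=2024-01-01T10:00:00Z src_ip=10.0.0.5 dst_ip=203.0.113.42 action=allow",
    'ts=2024-01-01T10:00:01Z src_ip=10.0.0.7 url="http://bad.example/payload.bin"',
    "ts=2024-01-01T10:00:02Z src_ip=10.0.0.9 file=report.pdf sha256=" + "A" * 64,
    "ts=2024-01-01T10:00:03Z src_ip=10.0.0.5 dst_ip=192.0.2.1 action=allow",
]
```

Running `process(LOG_LINES)` flags the first three events (a destination IP, a URL plus its derived domain, and an upper-case hash) and leaves the fourth clean; in a real deployment the feed would be refreshed on the intel update cadence rather than held as a constant.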