Open Source Java SIEM Tools

Cyberoam iView; the Intelligent Logging & Reporting solution provides organizations network visibility across multiple devices to achieve higher levels of security, data confidentiality while meeting the requirements of regulatory compliance. To know more about Cyberoam and it’s security solutions visit us at www.cyberoam.com.

A C++ file security filter driver example implemented with EaseFilter File Security Filter Driver SDK. EaseFilter Comprehensive File Security SDK is a set of file system filter driver software development kit which includes file monitor filter driver, file access control filter driver, transparent file encryption filter driver, process filter driver and registry filter driver. In a single solution, EaseFilter Comprehensive File Security SDK encompasses file security, digital rights management, encryption, file monitoring, file auditing, file tracking, data loss prevention, process monitoring and protection, and system configuration protection. EaseFilter file system filter driver is a kernel-mode component that runs as part of the Windows executive above the file system. The EaseFilter file system filter driver can intercept requests targeted at a file system or another file system filter driver.

The EaseFilter File Control SDK is a powerful development toolkit for creating robust, kernel-level file security and data protection solutions on the Windows platform. It includes a high-performance file system filter driver that intercepts and manages all file I/O operations in real time, giving developers deep, granular control far beyond what is possible with standard Windows APIs or Access Control Lists (ACLs). The EaseFilter Control Filter Driver provides a powerful method for intercepting file I/O operations at both the pre-operation and post-operation stages. This dual-layered interception enables comprehensive monitoring and enforcement of file access policies.

JMassLogProcess is an next generation SIEM solution, based on high performance syslog and snmp trap collector(up to 20,000 logs/s),Distributed File System(Hadoop),Complex Event Processing Engine and ZK …….

LogSECA is a tool that lies on the top of SIEM concept and on XDAS OpenGroup standard. It provides the following main capabilities: » secure and reliable retention of audit records for reliability and accountability, even in case of the source of event/log fails or the logs on it are accidentally or intentionally cancelled; » correlation of audit records in order to identify violation of security policies in the different data centres of the cloud infrastructure, which it would be impossible to do if each data centre processed events separately; » alerting and notification to the interested parties (e.g. security manager of the storage infrastructure); » control on the status of the corrective actions; » reporting at different levels (for basic audit inspection, statistical) and for different purposes (for final users, for internal purposes, for auditing). The design and development of this prototype have been partially founded by the VISION Cloud EU FP7 project

The EaseFilter Process Filter Driver SDK is a kernel-mode development kit designed to help developers monitor and control Windows process and thread activities. By intercepting process and thread operations at the kernel level, it enables the development of robust security applications that can prevent unauthorized or malicious processes from executing. With the Process Filter Driver, it allows you to prevent the untrusted executable binaries (malwares) from being launched, protect your data being damaged by the untrusted processes. It also enables your application to get the callback notification for the process/thread creation or termination, from the new process information you can get the parent process Id and thread Id of the new created process, you also can get the exact file name that is used to open the executable file and the command line that is used to execute the process if it is available.