Configure Security Event and Incident Management (SIEM)

SIEM systems are designed to provide a holistic view of network and application security. Once implemented, a SIEM system can help identify attacks and breaches in real time. This has obvious benefits for network security, compliance, and protection of an organization's reputation. It is better for an organization to respond quickly to an attack than to discover it after the fact, when the damage is done and data has been compromised.

One aspect of a SIEM system is the deployment of tools to analyze network device logs in real-time. In this way, suspicious activity and known threats that leave well-known signatures in logs can be spotted, and system administrators alerted quickly. Automated responses can often be triggered to counter attacks in real-time.

Tune the SIEM to:

  • Look for successive logins without associated logout events, which can indicate misuse of an account.

  • Look for suspicious activity in audit logs to identify potential misuse.

  • Send an alert when a new account is created on the LoadMaster.

  • Review log data from the Active Directory (AD) and LoadMaster and generate alerts based on any account changes associated with LoadMaster administrative accounts.

  • Send an alert when a LoadMaster account is deleted.
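As an added example, not taken from the LoadMaster documentation, the following Python shows how the login-without-logout, account-created and account-deleted rules above could be expressed as detection logic over a syslog feed. The sample lines, the program names (`sshd`, `wui`) and the `key=value` field layout are constructed assumptions; the real LoadMaster message format is not shown on this page, so `LINE_RE` must be adapted to the actual feed.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (assumption: generic "event key=value" style;
# the real LoadMaster syslog format differs, so adapt LINE_RE to your own feed).
SAMPLE_SYSLOG = """\
Jan 10 09:00:01 lm1 sshd: login user=bal src=10.0.0.5
Jan 10 09:05:12 lm1 sshd: logout user=bal src=10.0.0.5
Jan 10 09:10:44 lm1 sshd: login user=bal src=10.0.0.5
Jan 10 09:12:03 lm1 sshd: login user=bal src=198.51.100.7
Jan 10 09:15:00 lm1 wui: account created user=auditor by=bal
Jan 10 09:16:30 lm1 wui: account deleted user=tempadmin by=bal
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>\S+): "
    r"(?P<event>login|logout|account created|account deleted) (?P<kv>.*)$"
)


def parse(line):
    """Return (timestamp, event, fields) or None for lines the rule set ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    return m.group("ts"), m.group("event"), fields


def analyze(log_text):
    """Apply three of the SIEM tuning rules listed above and return alert dicts."""
    alerts = []
    open_sessions = defaultdict(list)  # user -> logins not yet closed by a logout
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        ts, event, f = parsed
        user = f.get("user", "?")
        if event == "login":
            if open_sessions[user]:  # earlier login never logged out: possible credential sharing
                prev_ts, prev_src = open_sessions[user][-1]
                alerts.append({"rule": "login_without_logout", "user": user, "ts": ts,
                               "src": f.get("src"), "prev_ts": prev_ts, "prev_src": prev_src})
            open_sessions[user].append((ts, f.get("src")))
        elif event == "logout":
            open_sessions[user].clear()
        elif event == "account created":
            alerts.append({"rule": "account_created", "user": user, "by": f.get("by"), "ts": ts})
        elif event == "account deleted":
            alerts.append({"rule": "account_deleted", "user": user, "by": f.get("by"), "ts": ts})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_SYSLOG):
        print(alert)
```

The AD correlation rule is not covered here because it needs a second log source joined on the account name.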

You should configure the SIEM to use the syslogd information and report the results to the Security Manager. For further information on how to configure the SIEM, refer to the relevant third-party product documentation.