SmartInsights
SIEM software gives enterprise IT professionals insight into what is happening in their IT environment by collecting log data, analysing it, and presenting the processed data in a single pane of glass, all in one place.
Differences between a typical SIEM and SmartInsights
High licensing costs, on top of the initial investment in hardware to host the SIEM (SmartInsights: lower costs, since it runs on pay-as-you-go cloud services with no hardware to buy up front)
Limited by the hardware capabilities of the system hosting the SIEM (SmartInsights: scales with the cloud services it runs on)
Limited automation, as alerts are rules defined by administrators and nothing outside those rules is detected (SmartInsights: alongside the usual metric rules, a machine learning model flags events that deviate from the learned baseline and alerts the administrators and the affected user so they can validate the event)
Components
Data Ingestion: An agent is installed on the device, and the platform generates the configuration file that tells the agent where to send its data
Machine Learning: Administrators can specify how to train the model, or use pre-defined parameters to train it; the deployed model then scores incoming events
User Authentication and Authorisation: Either use the internal login system, which supports 2FA, or delegate authentication to an external identity provider. Authorisation is performed through the roles assigned to each user
Data Analytics: Opt for either a table view of the events or a visual representation (charts, counts, etc.) of all log data
Review Events: If the machine learning model or a metric alert detects an abnormality, the user receives a notification and reviews the event
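The two alerting paths described above (the rule-based metric alert from the differences list, and the machine learning or metric alert that triggers the Review Events notification) side by side, as an added example that is not SmartInsights code. The SageMaker-hosted model is stood in for by a per-user z-score over daily login-failure counts so the block runs offline; the log events, the user names, the thresholds and the notification addresses are all constructed for the example.

```python
"""Added example (not SmartInsights code): a fixed-threshold metric rule next to a
per-user baseline anomaly detector, run over constructed login-failure events.
The z-score stands in for the model SageMaker would host."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from statistics import mean, pstdev

# Constructed sample data: seven days of login-failure counts per user, then one
# more day in which alice's count jumps and a never-seen user (carol) appears.
BASELINE_FAILURES = {"alice": [3, 2, 4, 3, 2, 3, 4], "bob": [2, 1, 2, 2, 3, 2, 1]}
LATEST_DAY_FAILURES = {"alice": 30, "bob": 2, "carol": 1}
START = datetime(2024, 1, 1)


def make_sample_events():
    """Expand the constructed counts into (iso_timestamp, user, event_type) events."""
    events = []

    def add(day, user, n):
        for i in range(n):
            ts = START + timedelta(days=day, minutes=i)
            events.append((ts.isoformat(), user, "login_failure"))

    for user, counts in BASELINE_FAILURES.items():
        for day, n in enumerate(counts):
            add(day, user, n)
    latest = len(BASELINE_FAILURES["alice"])
    for user, n in LATEST_DAY_FAILURES.items():
        add(latest, user, n)
    return events


def daily_failure_counts(events):
    """Bucket login failures per user per calendar day. Days after a user is first
    seen with no failures count as zero; days before the first sighting are not
    part of that user's history, so a new user does not get an invented baseline."""
    counts = defaultdict(dict)
    all_days = set()
    for ts, user, event_type in events:
        if event_type != "login_failure":
            continue
        day = datetime.fromisoformat(ts).date()
        all_days.add(day)
        counts[user][day] = counts[user].get(day, 0) + 1
    all_days = sorted(all_days)
    return {user: [(d, per_day.get(d, 0)) for d in all_days if d >= min(per_day)]
            for user, per_day in counts.items()}


@dataclass(frozen=True)
class Alert:
    source: str   # "metric_rule" or "anomaly_model"
    user: str
    day: date
    count: int
    detail: str


def metric_rule_alerts(series, threshold):
    """Administrator-defined rule: fire when failures on any day exceed threshold."""
    return [Alert("metric_rule", u, d, c, f"count {c} > threshold {threshold}")
            for u, days in series.items() for d, c in days if c > threshold]


def anomaly_alerts(series, z_threshold=3.0, min_history=5, sd_floor=1.0):
    """Baseline detector: score each user's latest day against that user's own history.
    Users with too little history are skipped rather than scored against a guess, and
    sd_floor keeps a flat baseline (sd 0) from turning every small change into an alert."""
    alerts = []
    for user, days in series.items():
        history, (last_day, last_count) = days[:-1], days[-1]
        if len(history) < min_history:
            continue
        values = [c for _, c in history]
        mu, sd = mean(values), max(pstdev(values), sd_floor)
        z = (last_count - mu) / sd
        if z > z_threshold:
            alerts.append(Alert("anomaly_model", user, last_day, last_count,
                                f"z={z:.1f} vs baseline mean {mu:.1f}"))
    return alerts


def build_notification(alert):
    """Review Events step: notify the administrators and the affected user so the
    event can be validated. Addresses are placeholders, not real recipients."""
    return {
        "recipients": ["soc-admins@example.invalid", f"{alert.user}@example.invalid"],
        "subject": f"[SmartInsights] {alert.source}: {alert.user} on {alert.day}",
        "body": f"{alert.count} login failures. {alert.detail}. Please confirm whether this was you.",
    }


def run_demo(rule_threshold=50):
    """Run both detectors over the constructed events and return their alerts."""
    series = daily_failure_counts(make_sample_events())
    return {"metric": metric_rule_alerts(series, rule_threshold),
            "anomaly": anomaly_alerts(series)}


if __name__ == "__main__":
    for source, alerts in run_demo().items():
        for a in alerts:
            print(source, build_notification(a)["subject"], "|", a.detail)
```

With the rule threshold at 50, alice's 30 failures on the last day pass the metric rule untouched but are flagged by the baseline detector (her own history averages 3 a day); carol, seen for the first time that day, is skipped because one day of history is not a baseline. Lowering the rule to 20 catches alice too, which is the trade-off the differences list describes: a rule only catches what the administrator anticipated, and the threshold has to be retuned per environment, whereas the baseline model adapts per user but needs enough history and an explicit minimum deviation before it is trustworthy.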
Platform Specifics
Written in ASP.NET Core
Runs on Amazon Web Services
Platform hosting and the database are managed by Elastic Beanstalk
Log data is stored in individual S3 buckets
Data Ingestion via Kinesis Firehose
Data processing by Glue
Machine Learning provided and hosted by SageMaker
Notifications sent by Simple Email Service (SES) and Simple Notification Service (SNS)