1. Introduction

UserGate Log Analyzer (UserGate LogAn, LogAn) is a solution that combines the functions of a SIEM (Security Information and Event Management) system and an IRP (Incident Response Platform).

A SIEM system collects security information and manages information security events. UserGate LogAn collects and stores data from various sources (sensors), such as UserGate Next-Generation Firewalls, UserGate endpoint control and monitoring systems, SNMP sensors, and WMI sensors. The processed data is presented in a single interface for security analysts, which makes it easier to recognize the patterns that indicate security incidents. Based on the received data (events), LogAn applies analytics rules that aggregate and correlate (i.e., link together) disparate, repeating events and produce cybersecurity incidents as the result. Incident response rules define how LogAn reacts to information security incidents automatically.
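The pipeline described above (events from several sensors, an analytics rule that aggregates and correlates repeats into one incident, and a response rule that picks the automatic reaction) is shown below as an added, illustrative example. It is not UserGate LogAn's code, rule syntax or storage schema: the event field names (`sensor`, `ts`, `kind`, `src`, `user`), the rule parameters, the action names and the sample events are all constructed assumptions for this example. The rule fires once a source has produced five authentication failures within a 60-second sliding window, pulling together events from both a firewall sensor and an endpoint sensor, and resets the window so one burst yields one incident rather than one per extra event.

```python
"""Illustrative SIEM-style correlation: normalized events -> analytics rule ->
incident -> response actions. Not UserGate LogAn code; all names are assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events from several sensors (NGFW, endpoint agent, WMI).
# The field names are an assumption for this example, not LogAn's schema.
SAMPLE_EVENTS = [
    {"sensor": "ngfw-1",     "ts": "2024-05-01T10:00:01", "kind": "auth_failure",    "src": "203.0.113.7",  "user": "admin"},
    {"sensor": "ngfw-1",     "ts": "2024-05-01T10:00:05", "kind": "auth_failure",    "src": "203.0.113.7",  "user": "admin"},
    {"sensor": "endpoint-1", "ts": "2024-05-01T10:00:09", "kind": "auth_failure",    "src": "203.0.113.7",  "user": "root"},
    {"sensor": "wmi-1",      "ts": "2024-05-01T10:00:15", "kind": "service_stopped", "src": "10.0.0.5",     "user": None},
    {"sensor": "ngfw-1",     "ts": "2024-05-01T10:00:20", "kind": "auth_failure",    "src": "203.0.113.7",  "user": "admin"},
    {"sensor": "ngfw-1",     "ts": "2024-05-01T10:00:30", "kind": "auth_failure",    "src": "198.51.100.4", "user": "bob"},
    {"sensor": "ngfw-1",     "ts": "2024-05-01T10:00:41", "kind": "auth_failure",    "src": "203.0.113.7",  "user": "guest"},
    {"sensor": "ngfw-1",     "ts": "2024-05-01T10:02:30", "kind": "auth_failure",    "src": "198.51.100.4", "user": "bob"},
    {"sensor": "ngfw-1",     "ts": "2024-05-01T10:12:00", "kind": "auth_failure",    "src": "203.0.113.7",  "user": "admin"},
]


@dataclass(frozen=True)
class CorrelationRule:
    name: str
    kind: str          # event type the rule watches
    group_by: tuple    # fields whose values identify one actor (here: source IP)
    threshold: int     # repeats within the window needed to fire
    window: timedelta
    severity: str


@dataclass
class Incident:
    rule: str
    severity: str
    key: tuple
    events: list
    first_seen: datetime
    last_seen: datetime


def correlate(events, rule):
    """Group matching events by rule.group_by, then count repeats inside a sliding
    time window. When the count reaches the threshold, the events in the window are
    aggregated into one Incident and the window is reset so the same burst does not
    raise a second incident."""
    per_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == rule.kind:
            per_key[tuple(ev[f] for f in rule.group_by)].append(ev)

    incidents = []
    for key, evs in per_key.items():
        window = deque()
        for ev in evs:
            now = datetime.fromisoformat(ev["ts"])
            window.append(ev)
            # Drop events that have aged out of the window.
            while datetime.fromisoformat(window[0]["ts"]) < now - rule.window:
                window.popleft()
            if len(window) >= rule.threshold:
                incidents.append(Incident(
                    rule=rule.name, severity=rule.severity, key=key,
                    events=list(window),
                    first_seen=datetime.fromisoformat(window[0]["ts"]),
                    last_seen=now))
                window.clear()
    return incidents


# Response rules: severity -> automatic actions. Action names are hypothetical.
RESPONSE_RULES = {
    "high":   ["block_source_ip", "open_ticket", "notify_analyst"],
    "medium": ["open_ticket"],
    "low":    [],
}


def respond(incident, response_rules=RESPONSE_RULES):
    """Return the automatic actions the response rule prescribes for an incident."""
    return response_rules.get(incident.severity, [])


BRUTE_FORCE = CorrelationRule(
    name="password_brute_force", kind="auth_failure", group_by=("src",),
    threshold=5, window=timedelta(seconds=60), severity="high")


def run_pipeline(events=SAMPLE_EVENTS, rule=BRUTE_FORCE):
    """Full pass: raw events -> incidents -> (incident, actions) pairs."""
    return [(inc, respond(inc)) for inc in correlate(events, rule)]


if __name__ == "__main__":
    for inc, actions in run_pipeline():
        sensors = sorted({e["sensor"] for e in inc.events})
        print(f"{inc.rule} [{inc.severity}] src={inc.key[0]} events={len(inc.events)} "
              f"sensors={sensors} {inc.first_seen:%H:%M:%S}-{inc.last_seen:%H:%M:%S} -> {actions}")
```

On the constructed input, only 203.0.113.7 reaches the threshold: its five failures between 10:00:01 and 10:00:41 (four seen by the firewall, one by the endpoint sensor) become a single high-severity incident, the later failure at 10:12:00 starts a fresh count, and the two failures from 198.51.100.4 are too far apart to be counted together. The `service_stopped` event is ignored by this rule because it is a different event type.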

Cybersecurity incidents are investigated in the IRP component of UserGate LogAn. An IRP is a platform for managing the process of responding to information security incidents. UserGate LogAn allows the incident investigation workflow to be tailored to the needs of a specific company.

LogAn is available as a hardware-software complex (HSC, a physical appliance) or as a virtual machine image (virtual appliance) intended for deployment in a virtual environment.