Jun 5, 2016

Is there a document that describes exactly what is logged by the agents?

ysaleh Rookie

I'm looking for a single document that lists all the different items that are logged by the agent (user, host, date/time, action, event, etc.). I realise that this document would probably need to have multiple sections with each section dedicated to the different modules (Patch, Device Control, etc.) and that there would be several tables within each section for different logging levels (trace, diagnostic, information, etc.).

I am aware of the document that lists the location of the different log files, but not of one (single document) that lists what information is gathered and where that information is sent or stored (not just in terms of which log files, but preferably which back-end database).

The reason I ask is that I am writing a detailed design document for a HEAT EMSS client who is in the defence industry, and HEAT is one of a complex array of security solutions that are being integrated, including SIEM solutions, for a new air-gapped network. Scanning through all of the available HEAT documentation or finding that information through my demo running on a virtual machine is not only laborious and time-consuming, but also prone to errors and most likely incomplete. If there's a document that has all that information in one place, it would make the process of integrating with COTS SIEM solutions a lot easier. It is also important to document this type of information, particularly on such a project as I am working on, for compliance and accreditation against strict government and defence industry standards.

I realise that this is a mammoth task and one that could be commercially sensitive or have IP implications, but I have to ask.