Absolute recently introduced the integration of Absolute alerts with Security Information and Event Management (SIEM) solutions. Today’s SIEM solutions gather, analyze, and present a holistic view of information from network and security devices, including identity and access management applications, vulnerability management and policy compliance tools, operating system, database and application logs, external threat data, and important information from endpoint security applications such as Absolute Data & Device Security (DDS).
Absolute DDS is a key part of our customers’ defense-in-depth security strategies, which rely on multiple technologies to protect against a range of potential threats. Alert data generated by Absolute DDS and other security solutions can be fed into existing SIEM solutions and analyzed in context, offering a holistic view of an organization’s entire security posture. Examples of alerts sent from Absolute DDS to SIEM include:
- Notifications that other security solutions have been damaged or disabled (anti-malware, encryption, SCCM) – even if devices are off the network
- Notifications of changes to a device (e.g. username change, OS change, hardware change)
- Notifications of blacklisted software installations
- Notifications that required software has been removed
- Any custom alert created by an Absolute DDS customer
You can download the Absolute SIEM Connector to export alerts generated in Absolute DDS directly to your SIEM solution for incident management. The SIEM Connector uses the syslog protocol to send these alert events, so any SIEM that accepts syslog input can ingest them. Detailed instructions for downloading, installing, and managing the Absolute SIEM Connector are available in the Absolute SIEM Connector Install Guide on the Documentation page in Customer Center.
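To show what a SIEM does with syslog-delivered endpoint alerts of the kinds listed above, here is an added example (not Absolute's code, and not the SIEM Connector's real message format): it parses constructed RFC 5424 syslog lines with an assumed key=value message body and triages them so that alerts about disabled security controls surface first.

```python
import re

# Constructed RFC 5424 syslog lines imitating endpoint alerts forwarded to a SIEM.
# The key=value message body is an assumption for this example, not Absolute's real output.
SAMPLE_LOG = """\
<131>1 2024-05-02T10:15:30Z ep-agent absolute - ID42 - alert="Security solution disabled" product="anti-malware" device="LAPTOP-0042" online="false"
<134>1 2024-05-02T10:16:02Z ep-agent absolute - ID43 - alert="Device change" field="username" device="LAPTOP-0042" old="alice" new="bob"
<132>1 2024-05-02T10:17:11Z ep-agent absolute - ID44 - alert="Blacklisted software installed" software="torrentclient" device="WS-17"
<134>1 2024-05-02T10:18:45Z ep-agent absolute - ID45 - alert="Required software removed" software="disk-encryption" device="WS-17"
"""

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) \S+ (?P<msgid>\S+) \S+ (?P<msg>.*)$"
)
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Triage order a SOC would apply to the alert types described above (alert names are assumed).
PRIORITY = {
    "Security solution disabled": "high",   # another control was damaged or disabled
    "Required software removed": "high",
    "Blacklisted software installed": "medium",
    "Device change": "low",
}
RANK = ("high", "medium", "low", "unknown")

def parse_alert(line):
    """Split one syslog line into its header fields plus the key=value pairs in MSG."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 5424 message: {line!r}")
    pri = int(m["pri"])
    fields = dict(KV_RE.findall(m["msg"]))
    return {
        "facility": pri >> 3,          # PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m["ts"], "host": m["host"], "msgid": m["msgid"],
        "fields": fields,              # includes online="false" for off-network devices
        "priority": PRIORITY.get(fields.get("alert", ""), "unknown"),
    }

def triage(log_text):
    """Parse every line and order alerts so the highest-priority ones surface first."""
    alerts = [parse_alert(ln) for ln in log_text.splitlines() if ln.strip()]
    return sorted(alerts, key=lambda a: RANK.index(a["priority"]))
```

Custom alerts whose names are not in the priority table land in the "unknown" bucket, which is the place to review before extending the table.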