Monitor security logs with Defense.com™ SIEM

Monitor everything

Monitor everything

Collect security logs from any source including endpoints, servers, network devices and cloud platforms.

Detect threats

Detect threats

Identify and investigate suspicious activity across your network with detailed log queries for common attack types.

Prevent breaches

Prevent breaches

Quickly detect and investigate security incidents to help you remediate threats and stop attacks from spreading.

Cloud-native

Cloud-native

Scale your SIEM deployment cost-effectively with our SaaS-based, cloud-native platform.

Complete visibility Complete visibility

Complete visibility

Ingest and monitor security logs from on-premises devices and cloud deployments to detect malicious activity across your whole environment.

Defense.com™ dashboard

Advanced searching

Build your own custom queries to quickly search up to 90 days of always-hot data, plus get up to 365 days of archive log data storage as standard to meet your compliance needs.

Manage security threats Manage security threats

Manage security threats

See threats from all areas of your environment in a single dashboard. Automatic threat prioritization enables you to focus on the most critical tasks first, saving you time and resources when investigating security events.

Learn more about our log monitoring tools

Log sources

Defense.com can receive logs from any source, system or vendor that provides security value, including:

  • WAF, Load Balancers, etc.
  • Office 365 user activity
  • Firewalls, switches and routers
  • IDS and HIDS logs
  • Endpoint protection logs either from your existing solution or via the Defense.com EDR agent
  • Incident response agent (supplied by Defense.com)
  • Windows/Linux servers
  • System logs
  • All AWS services (EC2, Lambda, CloudWatch, etc.)
  • All Azure service (Event Hubs, AD, ATP, etc.)
  • Application logs
  • Cloud services (GCP, Mimecast, Salesforce, etc.)

Log collectors

For collecting logs within your network, you’ll get access to the scripts and documentation for setting up a log collector using Ubuntu or Windows. This needs to be installed on a standalone virtual or physical machine inside your network.

Once this is complete, you will be provided with agents (Winlogbeat, Filebeat, etc.) which will need to be deployed to your client devices. The agents will send the logs from your client devices to the log collector. Once the logs have reached the collector(s), they will be sent to Defense.com for processing. Logs are encrypted when transferred via your client devices to the collector, as well as from the collector to Defense.com.

Since the Defense.com SIEM platform is SaaS-based, there is no need to build or maintain any further physical infrastructure in your environment.

For cloud platforms, it is preferable to collect logs via the vendor's API. Our Customer Success team will be on-hand to assist you with onboarding and ensuring that all of your logs are being ingested correctly.

Managed log monitoring service Managed log monitoring service

Managed log monitoring service

Log monitoring (SIEM) platforms can be difficult to see value from and manage effectively if you don’t have the right resources in place to detect and manage security alerts.

That’s why we offer a fully managed SIEM service. Our Service Operations Centre (SOC) will monitor your logs 24/7 on your behalf, alleviating the pressure on your team and enabling you to focus on other tasks.

Learn more Managed SIEM

Frequently Asked Questions

Log file monitoring is the process of collecting and observing log files from operations with your network. These data files provide detailed information from operating systems, servers and applications, and enable organizations to effectively monitor devices across their network.

These log files could come from many different sources, including:

  • Security logs
  • Office 365 user activity logs
  • Domain Name System (DNS) logs
  • Application logs
  • System logs
  • And many more

Log monitoring is also known as Security Information and Event Management (SIEM) technology. SIEM platforms, such as the one included in Defense.com™, enables your business to collect, observe, filter and analyse log files to detect malicious activity inside your network.

Unlike other vendors on the market, with Defense.com™ there is no limit on the number of logs you send to us. The only limitation is the number of log sources you are looking to monitor, which means you don’t need to worry about log counts.

This makes Defense.com™ a scalable SIEM solution for your business, as opposed to other traditional SIEM vendors with pricing based on log volumes.

As standard we provide up to 90 days of logs for immediate searching via your Defense.com™ account and up to 12 months offline. All logs are stored in a forensically-compliant manner.

We can also cater for any particular requirements that your business has, such as the retention of logs for regulatory compliance purposes.

By using log file monitoring tools, it is possible to spot unusual activity within a network, diagnose if it is a credible threat and take any necessary action.

For example, if your logs are showing that there has been multiple failed login attempts for an administrator account, you can investigate this further to identify if a hacker is attempting a brute-force attack.

Defense.com™ log file monitoring enables you to self-manage your logs and security alerts from a single dashboard.

If you don’t have the time or resource to manage your logs yourself, our Managed SIEM service can help. Our team of trained SOC analysts will provide 24/7 threat monitoring, proactively investigate any risks and notify you if there is a security event, freeing up your time to focus on other tasks.

Protecting the world’s leading brands

Dell logo Dell logo Dell logo
Ocado logo Ocado logo Ocado logo
Agilico logo Agilico logo Agilico logo
Blue Zinc logo Blue Zinc logo Blue Zinc logo

Learn more about Defense.com™ log monitoring

Book a demo today to see how Defense.com™ can help you monitor security logs and detect suspicious activity in your network.