Solution Overview

cfxLogAnalytics (CLA) is the centralized log management solution that can be deployed on-prem or used as a service through CloudFabrix SaaS portal. The solution ingests logs from multiple tools and enables IT teams with advanced analytics and insights. The solution also leverages AI & ML capabilities to perform event correlation, failure root cause detection and event categorization. Log and event data can be ingested from any managed asset using readily available connectors or plugins. Remote or on-premises environments can use cfxCollector as a proxy between customer environment and cfxLogAnalytics.

The solution leverages Elastic search, Logstash and Kibana as core components, popularly known as ELK stack.

The solution focuses on 3 key areas

1. Log Analysis: Centralized Logs, Multi-tenant (Log Separation), Long Term Archival, etc

2. Traffic Analysis: Noisy Neighbours, Top Services / Protocols, Root Cause Analysis, etc

3. Security Analysis: Threat Originating Regions, Threat Severities, IDP/IDS Logs, Event Correlation, etc.

With cfxLogAnalytics IT teams can

• Garner deep insights and analytics from millions of IT logs and events

• Identify performance blind spots, detect abnormal usage patterns, establish top talkers, chatty applications or perform forensic and threat analysis.

• Performs secure multi-tenant log separation and long-term archival of raw, unmodified logs to meet audit compliance and regulatory requirements.

Log Analysis

IT teams can ingest logs from any managed IT asset, index and archive logs, and get summary analytics, advanced visualization and reporting. Typical logs include Syslogs, Web logs, Application logs, User Activity logs etc.

The app also supports long-term archival of untampered, unaltered logs that may be required for regulated environments for compliance and audit purposes. Archived logs can be organized based on customer desired structure (ex: Datacenter/Date/Hour) and can also be accessed on-demand from portal anytime for download and offline review.

Traffic Analysis

Traffic analysis is vital to any Network operations team. cfxLogAnalytics can ingest Netflow records, flow logs, SIP call logs, packet captures, from various network devices to provide insights about traffic usage patterns, top talkers, noisy neighbors and top services, ports or protocols.

An intuitive chord diagram widget maps out flow pattern between various sources and destinations. Network admins can also drill-down to particular device or interface and gain deeper insights about traffic patterns. Customers can perform basic and advanced search queries or retrieve raw flow records.

Security Analysis

Security information and event management (SIEM) is an essential practice of every security organization. Within the broader SIEM practice, security event management is a key aspect that enables customers to analyze or detect breaches or vulnerabilities based on logs and events collected from firewalls, IDP, IDS and other perimeter or east-west firewall devices.

With cfxLogAnalytics, customers can ingest IDP, IDS logs from various network endpoints and gain insights into hidden security patterns. Portal shows a geomap view of threat originating regions. Suspicious traffic patterns or threats are also aggregated and categorized based on severity. Top traffic originating internal systems can also be easily identified. Suspicious hosts can be selected for further drill down and analysis.