Articles in this section

Logsign SIEM FAQ Follow

  • What is Logsign SIEM?

Logsign SIEM is a SIEM product with advanced properties that allow you to conduct real-time security analysis on your network via the logs it collects from different log sources, allow the network and system managers to create detailed reports via its web-based interface, and to real-timely monitor and react to the attack attempts of various types and at various levels.

  • What are the Key Features of Logsign SIEM?

Cluster and scalable infrastructure

High Availability, Redundancy and Recovery

Simple Deployment and Pre-defined Integrations

Advanced and user-friendly interface 

Rapid search and indexing 

Extensive correlation library 

Pre-defined dashboards, reports

Integrated TI Services

Compliance-ready for GDPR, PCI DSS, HIPAA, SOX, FISMA, ISO/IEC 27001, ISO/IEC 270011, ISO/IEC 27002

  • How to deploy Logsign SIEM

Logsign provides an ISO file for you to make an installation to a physical or virtual server. You can access the ISO file you began to install, and the installation documents on https://support.logsign.com.

  • What are the minimum system requirements for Logsign SIEM installation?

8-12 Core CPU

32-128 GB RAM

2-4 TB DISK

  • How long does the Logsign SIEM installation last?

Once the minimum system requirements are met, Logsign SIEM installation is completed within an hour.

  • Which software languages are used on Logsign SIEM?

While various service-based languages are technologically used, Python and Golang(backend) and React(frontend) are the predominantly used programming languages.

  • Which databases are used on Logsign SIEM?

Logsign SIEM is a NoSQL infrastructure. ElasticSearch is used for hot data requirements and hadoop-hdfs architecture is used for cold data requirements.

  • Is there an integrated TI (Threat Intelligence) on Logsign SIEM?

There are more than 35 integrated TI services on Logsign SIEM that conduct investigations on the TI feed.

  • Does Logsign SIEM work on Cloud systems?

Logsign SIEM can work on virtual machines formed on any cloud environments.

  • How is the normalization process conducted on Logsign SIEM?

Normalization process of Logsign SIEM is conducted via a 3-stage categorization - Event Source Mapping, Event Column Mapping, and Event Mapping. To complete the normalization, the categorization process is conducted for all log sources and the logs they produce. Please visit https://support.logsign.com for detailed information.

  • What is the scope of the support system?

Within the scope of the support system, Logsign SIEM provides its users with a right to create an unlimited number of tickets within the support period. Support can be demanded for any kind of operations regarding Logsign SIEM. Normalization process is not charged when a new log source is added. Logsign SIEM updates are also included within the scope of the support. 

  • Do you offer customers telephone support? Do customers pay additional fees for this? How much more?

Yes, it’s completely free.

  • Do customers get on-site help in deploying the solution/service? For how long is this available for them? Do they pay additional fees for this? How much more?

In deploying the solution, free on-site support is provided. After the solution has been deployed, 30 days of babysitting support is also free.

  • Where are the logs collected on Logsign SIEM kept? 

Coarse versions of the collected logs are kept in raw format, while the normalized versions are kept in json format – both on a compact disc. Normalized panels and logs to be used for reporting purposes are kept on elasticsearch. Please visit https://support.logsign.com for detailed information.

  • Can we create special dashboards, reports, and alerts on Logsign SIEM?

Yes, you can create a limitless number of dashboards, reports, and alerts.

  • What are the collection techniques of Logsign SIEM?

You can use SYSLOG, WMI, SMB, SFTP, Netflow, Sflow, MSSQL, ORACLE, API(Arvento, Forcepoint, GSuite, Office365, Peplink, Wmware), JDBC collector, Checkpoint LEA and Logsign Agent to collect logs.

  • Can mapping be done on Logsign SIEM for log values coming from different sources?

On Logsign SIEM, it can be done by means of a modifier. Therefore, any log data can be used with the purpose of enriching the log of a different source. You can easily conduct the Modifier process from Logsign SIEM web interface. Please visit https://support.logsign.com for detailed information.

  • Does Logsign SIEM give a warning when the storage space it is installed on is full?

Logsign SIEM health check service enables the controlling of the parameters and services that are of importance for your system from one single place. When the storage space is more than 80% full, notifications are made via e-mail and SMS. Please visit https://support.logsign.com for detailed information.

  • How does Logsign SIEM enable data backup? 

Logsign SIEM Focus has the FTP backup feature by means of which you can automatically backup the data. On Logsign SIEM Forest, your data is automatically backed up on HDFS. HDFS allows you to keep as many backups as you like. Moreover, you can use the FTP backup feature of Logsign SIEM Forest.

  • Can compliance reports be created on Logsign SIEM?

Yes, they can. You can access the pre-defined reports via the Logsign SIEM web interface for all the compliances below.

PCI_DSS, ISO27001, FISMA, HIPAA, SOX, GDPR

  • How is Logsign SIEM updated?

You can update Logsign SIEM via the web interface. Please visit https://support.logsign.com for detailed information.

  • Can a search be made among the old logs stored on Logsign SIEM?

Yes, it can. For this, you can use the Offline Reports menu via the Logsign SIEM web interface. Please visit https://support.logsign.com for detailed information.

  • How is the Logsign SIEM storage capacity calculated?

Storage capacity is calculated by using various parameters such as the EPS values of the sources from which the logs are collected, the bandwidth usage, and the number of users. Please visit https://support.logsign.com for detailed information.

  • Does Logsign SIEM use agents?

Logsign SIEM uses an osquery-based agent.

  • Is Logsign SIEM integrated with vulnerability analysis solutions?

Logsign SIEM is integrated with OpenVAS-API. Therefore, you can conduct the vulnerability analysis via the Logsign SIEM web interface, and use the ready reports and correlations. Please visit https://support.logsign.com for detailed information.

  • What is the maximum Logsign SIEM index duration?

The index duration we recommend is two weeks. Based on your needs, you can arrange the desired index duration via the Logsign SIEM web interface.

  • Can we integrate our own TI service with Logsign SIEM?

You can demand support from our Logsign support engineers for the integration works.

  • Can the Logsign SIEM focus license be upgraded to the forest license?

Yes, it can. You can learn the details from our sales representatives.

  • Does Logsign SIEM support SaaS deployment?

Logsign SIEM does not support SaaS deployment.

  • What is the CyberSecurity Framework used in your products?

NIST framework is used both on Logsign SIEM and SOAR products. Mitre ATT&CK is also our focus for future developments and the enhancement of our products.

  • Is your User Behaviour Analytics engine customizable? 

Logsign uses tags user behaviours and uses these tags in user behaviour analytics. These behaviours are predefined and customizable by users. In addition, Behaviours are used for correlations.

Related articles