Logsign Unified SIEM Architecture

Our goal is to deliver automation-driven cyber security solutions with software that’s easy to use, easy to customize, and easy to scale. It starts with ensuring Logsign SIEM runs smoothly while providing a service that scales to meet all ever-changing needs.

As companies grow and their needs change, the technology has to scale to meet the demand for performance and reliability. Logsign SIEM is built on an enterprise-level operations and technology architecture that exceeds industry standards and future-proofs the platform for businesses of all sizes. The following diagram gives an overview of the technical architecture; the rest of the article explains its parts.

[Architecture overview diagram: photo_2023-02-13_15.44.36.jpeg]

A Redundant and Distributed Environment

Logsign SIEM is the first Hadoop-embedded SIEM solution. This brings the advantage of an architecture that scales both horizontally and vertically: horizontally, to absorb a much higher EPS (events per second) volume, and vertically, to organize nodes by role and provide service-based redundancy.

For enterprise-grade deployments, the architecture can be designed as an active-active cluster with high availability. Thanks to its high-capacity data collector for distributed environments, Logsign SIEM can be deployed quickly and with little friction in hybrid environments.

 

Extensive Integration Framework

Logsign SIEM has 400+ built-in data collection integrations for faster deployment. With this integration library, data from all necessary event sources can be collected within a single day. To integrate a new device, you can create a custom parser quickly and efficiently in rule-based, CEF, key-value, and JSON formats. The Logsign product team also provides new integrations at no additional cost.
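To show what the three wire formats named above look like and what a custom parser has to handle, here is an added example that is not Logsign's code: a small Python dispatcher that recognizes CEF, key=value and JSON event lines and turns each into one normalized shape (`format`, `header`, `fields`). The sample lines, the vendor and product names in them, and the output shape are all constructed for this example; the CEF escaping rules it honours (`\|` in the header, `\=` and `\\` in the extension) are those of the ArcSight CEF specification.

```python
"""Parse CEF, key=value and JSON event lines into one normalized shape."""
import json
import re
import shlex
from typing import Any, Dict, List

# Constructed sample events (not real device output); addresses are documentation ranges.
SAMPLE_EVENTS: List[str] = [
    r"CEF:0|ExampleVendor|ExampleFW|1.0|100|Blocked connection|5|src=10.0.0.5 dst=203.0.113.9 spt=51234 dpt=443 msg=Policy deny\=1 act=block",
    'action=allow src_ip=10.0.0.7 user="jane doe" bytes=1024',
    '{"event": "login", "user": "bob", "success": false}',
]

CEF_HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                     "signature_id", "name", "severity")

# A CEF extension key: line start or whitespace, the key name, then '='.
_CEF_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")
# CEF escapes inside extension values: \= \\ plus \n and \r.
_CEF_ESCAPE = re.compile(r"\\(.)")


def _cef_unescape(text: str) -> str:
    return _CEF_ESCAPE.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), text)


def _split_cef_header(line: str):
    """Split the seven pipe-delimited header fields, honouring '\\|' escapes.

    Returns (header_fields, extension_text); the extension is everything after the 7th pipe."""
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):  # escaped character: keep it literally
            buf.append(line[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("CEF header needs 7 pipe-delimited fields")
    return fields, line[i:]


def parse_cef(line: str) -> Dict[str, Any]:
    fields, ext = _split_cef_header(line)
    header = dict(zip(CEF_HEADER_FIELDS, fields))
    header["version"] = header["version"][len("CEF:"):]
    # Each value runs from just after 'key=' up to the start of the next key.
    keys = list(_CEF_KEY.finditer(ext))
    values: Dict[str, str] = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        values[m.group(1)] = _cef_unescape(ext[m.end():end])
    return {"format": "cef", "header": header, "fields": values}


def parse_key_value(line: str) -> Dict[str, Any]:
    """key=value pairs; shlex handles double-quoted values that contain spaces."""
    values: Dict[str, Any] = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if not sep:  # keep tokens without '=' instead of silently dropping them
            values.setdefault("_bare", []).append(token)
        else:
            values[key] = value
    return {"format": "kv", "header": {}, "fields": values}


def parse_json(line: str) -> Dict[str, Any]:
    obj = json.loads(line)
    if not isinstance(obj, dict):
        raise ValueError("JSON event must be an object")
    return {"format": "json", "header": {}, "fields": obj}


def parse_event(line: str) -> Dict[str, Any]:
    """Dispatch on a cheap prefix check; unrecognized lines are kept raw, not dropped."""
    stripped = line.strip()
    if stripped.startswith("CEF:"):
        return parse_cef(stripped)
    if stripped.startswith("{"):
        return parse_json(stripped)
    if "=" in stripped:
        return parse_key_value(stripped)
    return {"format": "raw", "header": {}, "fields": {"message": stripped}}


def parse_all(lines: List[str]) -> List[Dict[str, Any]]:
    return [parse_event(line) for line in lines]


if __name__ == "__main__":
    for event in parse_all(SAMPLE_EVENTS):
        print(event["format"], event["header"], event["fields"])
```

The point worth noticing for detection content is the escape handling: a naive `split("|")` or `split("=")` breaks on a CEF `msg` value that legitimately contains `\=` or a device name containing `\|`, and a parser that drops what it cannot match loses exactly the unusual events an analyst most wants to see, which is why unknown lines are kept as `raw` here.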

With over 100 built-in response integrations, Logsign SIEM runs automated and semi-automated response actions to secure the network. Responses can be triggered automatically on firewalls, DLP, NAC, EDR, Active Directory, endpoint protection products and third-party threat intelligence (TI) services, and investigation tools can be invoked with a single click.

 

Integrated Threat Intelligence

The Logsign Threat Intelligence service is embedded in Logsign SIEM and includes both public and branded TI feed integrations. With 45+ global and well-trusted TI feeds, Logsign SIEM enriches the data and provides insights to detect threats and attacks.

Furthermore, the Logsign TI service prioritizes data security: customer data is processed in real time without leaving the on-premises servers. This keeps your data protected while still providing the enrichment insights.

 

LEAF Mode for Distributed Environments

Logsign LEAF is a high-capacity data collector that collects all kinds of data and sends them to the central Logsign SIEM server. It is a solution for organizations that want to collect data from distributed locations.

The Logsign LEAF data collector collects data with or without an agent, normalizes and classifies it, and sends it to the central SIEM over a secure connection, tolerating connection errors along the way.
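The property that matters most in a remote collector is the last one: events gathered at a branch site must not be lost when the link to the central SIEM drops. The following is an added example, not LEAF's code, of the store-and-forward pattern that provides this: events are spooled locally, sent in batches, and removed from the spool only after the central side acknowledges them, with exponential backoff between retries. The transport is abstracted as a `send` callable (in a real deployment a TLS client); the `FlakyCollector` stand-in, the batch sizes and the sample events are all constructed for the example.

```python
"""Store-and-forward buffer: spool events locally, retry delivery with backoff."""
import itertools
from collections import deque
from typing import Callable, Deque, Dict, List


class TransportError(Exception):
    """Raised by the send callable when the central SIEM is unreachable."""


class StoreAndForward:
    """Queue events, send them in batches, keep each batch until it is acknowledged."""

    def __init__(self, send: Callable[[List[Dict]], None], batch_size: int = 2,
                 base_delay: float = 1.0, max_delay: float = 60.0,
                 sleep: Callable[[float], None] = lambda seconds: None):
        self._send = send              # hypothetical transport, e.g. a TLS client
        self._spool: Deque[Dict] = deque()
        self.batch_size = batch_size
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._sleep = sleep            # injectable so the demo does not really wait
        self.attempts = 0
        self.failures = 0

    def enqueue(self, event: Dict) -> None:
        self._spool.append(event)

    def pending(self) -> int:
        return len(self._spool)

    def flush(self, max_retries: int = 5) -> int:
        """Deliver everything spooled, in order. Returns the number of events delivered.

        On repeated failure the call gives up but leaves the events in the spool,
        so a later flush() picks them up again (at-least-once delivery)."""
        delivered = 0
        consecutive_failures = 0
        while self._spool:
            batch = list(itertools.islice(self._spool, self.batch_size))
            self.attempts += 1
            try:
                self._send(batch)
            except TransportError:
                self.failures += 1
                consecutive_failures += 1
                if consecutive_failures > max_retries:
                    return delivered
                # Exponential backoff: 1s, 2s, 4s, ... capped at max_delay.
                delay = min(self.max_delay, self.base_delay * 2 ** (consecutive_failures - 1))
                self._sleep(delay)
                continue
            # Acknowledged: only now is the batch removed from the local spool.
            for _ in batch:
                self._spool.popleft()
            delivered += len(batch)
            consecutive_failures = 0
        return delivered


class FlakyCollector:
    """Constructed stand-in for the central server: rejects the first `fail_first` sends."""

    def __init__(self, fail_first: int):
        self.fail_first = fail_first
        self.received: List[Dict] = []

    def send(self, batch: List[Dict]) -> None:
        if self.fail_first > 0:
            self.fail_first -= 1
            raise TransportError("connection refused")
        self.received.extend(batch)


def demo(fail_first: int = 2, max_retries: int = 5) -> Dict:
    """Spool five constructed events and flush them through a link that fails `fail_first` times."""
    server = FlakyCollector(fail_first=fail_first)
    delays: List[float] = []
    forwarder = StoreAndForward(server.send, batch_size=2, sleep=delays.append)
    for seq in range(5):
        forwarder.enqueue({"seq": seq, "src": "10.0.0.5"})   # constructed sample event
    delivered = forwarder.flush(max_retries=max_retries)
    return {"delivered": delivered, "pending": forwarder.pending(),
            "attempts": forwarder.attempts, "delays": delays,
            "received": [e["seq"] for e in server.received]}


if __name__ == "__main__":
    print(demo())
```

Because an acknowledgement can itself be lost after the server stored the batch, this pattern is at-least-once rather than exactly-once; the central side should deduplicate on a per-collector sequence number such as the `seq` field here. A production collector would also back the spool with disk rather than memory so that a collector restart during an outage does not discard the queue.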

 
