CorreLog Correlation Server v5.1.0
Strengths: Simple-to-deploy SIEM that covers all the basics.
Weaknesses: Lacks some high-end features, such as an interactive report generator.
Verdict: Excellent SIEM, especially for smaller networks with limited server resources.
Summary: The CorreLog Server is a web-based solution that leverages browser technology to present an easy-to-use, multi-platform interface that stresses point-and-click simplicity for the harried network administrator. Designed from the outset as a product that supports regulatory compliance objectives, as well as security posturing, CorreLog Server is chock full of features and reporting capabilities.
The product can be installed under two distinct scenarios, operating either as a "Small Business Server" or as an "Enterprise Server." The "Small Business Server" configuration was chosen for testing because it features the capabilities of the Enterprise Server, but without the high-end hardware and processing requirements associated with the Enterprise Server implementation.
That said, the Small Business Server configuration proves to work fine in a virtualized environment, using a virtual PC as a host. The product runs on a variety of Windows operating systems, including Vista, XP and Windows 7, as well as various editions of Windows Server. That helps to make the product very flexible to deploy and eliminates the need for proprietary hardware and high-end server components.
CorreLog Server relies on an included version of Apache Server for access via a browser, and browser security is handled via an included copy of Apache SSL Server. Installation was straightforward, requiring only basic networking knowledge, and used a wizard to install and configure the product. There are a few manual steps. However, the PDF-based quick-start guide makes it almost point-and-click easy.
Once installed, the main management console is accessed using Internet Explorer v7 (or equivalent). On initial logon, the administrator will need to set up accounts and passwords. Once again, that proves to be easy, allowing administrators to get the system ready for full deployment rather quickly. CorreLog Server uses a client/server model to gather information.
Installing the client application is by no means complex, but it can take some time on a larger distributed network. One caveat is that the client should be installed on every system that interacts with the network internally and falls under the purview of compliance, security or performance.
Integration and setup aside, the real meat and potatoes of CorreLog Server is the information it can provide to a network manager - which is key when it comes to a security information and event management product. Here, CorreLog Server offers several reporting capabilities and, interestingly, integration into Microsoft Excel, which gives analysts some flexibility when analyzing specific events.
In short, CorreLog Server offers a lot of bang for the buck and proves easy to install and use. Excellent documentation and very good support highlight some of the advantages offered by the product, while reporting flexibility paired with Excel integration makes it a valuable ally for the harried compliance officer.