CorreLog Enterprise Server
Strengths: Easy-to-manage, web-based server with a good amount of features.
Weaknesses: Documentation could be more in-depth and provide more configuration examples.
Verdict: User-friendly tool with lots of features, but could use a bit more documentation.
The CorreLog Enterprise Server is a powerful web-based application that provides a multitude of SIEM capabilities. This product includes a high-speed message collector, indexed search engine, extensible dashboard facility, reporting facility, ticket facility and a correlation engine, all packed into an easy-to-use web application.
Installation of this tool is simple and it takes only a few minutes to get the application up and running. After the installation is complete, all configuration and management is done through the web-based management console. We found this console to be easy to navigate and intuitive to use. The console has a tab-top navigation structure, which allows for quick navigation to easily find data, manage devices and view reports.
This product includes some powerful tools for correlating and analyzing system event logs, syslogs and Simple Network Management Protocol (SNMP) trap data against built-in rules and alerts that can be easily customized to meet individual needs. The CorreLog Enterprise Server also has a well-indexed search capability that provides quick browsing of data to locate information by device, facility, severity or message keywords. Also included with the product are many security compliance tools.
Documentation included several PDF manuals. The installation guide details not only how to get the server software itself up and running, but also how to integrate the product with devices to start collecting data. There is also a user manual that provides explanations of the product features and screens. However, we found this manual to be more of an outline than a full user manual due to the lack of step-by-step instructions and a focus on brief explanations in bullet points. There are also several other guides that provide detailed customization and advanced tool set information.
CorreLog provides 24/7 phone and email technical support as part of a licensing agreement, as well as an online support portal. The support portal contains many resources, including access to training videos, extra documentation and software add-ons.
At a price of $5,000, we find this product to be a good value for the money. The CorreLog Enterprise Server can provide a good amount of log and data correlation, as well as compliance and security alerting, all in one easy-to-manage product.