It was very refreshing finding a product that was this easy to set up and have operational when first starting our testing this month. Typically, we read through pages of documentation and install multiple times to ensure an easy and consistent feeling about a product. With CorreLog's SIEM Correlation Server, this was simple and clean. It took no time at all to follow their installation wizard and set up the server component. While we've seen simple setups in the past, what made this one even better was the process of getting logs ingested into the server. From start to finish, this was the smoothest installation and setup to date.
The SIEM Correlation Server utilizes a web GUI to access the system. Upon login, it takes you to the "Home" tab. This has all the quick instructions as well as a Syslog Agent package. To get started, you just need to run the agent package. Once installed, logs start appearing in the dashboards; it's as easy as that. The tabs across the top are intuitive; you can click through them and you can find almost everything you are looking for without reading the documentation. From personal experience, this is a huge advantage as I rarely have time to fully read all product documentation prior to setting up a tool.
Clicking over to the "Dashboards+" tab gives you a quick look into what your top events are by default. Creating new dashboards is a breeze. Just click "AddNew" and you are off. You can choose the layout that makes the most sense and pull from predefined widgets that are linked to charts, gauges, or even summarized from reports. We did spend a lot of time poking through and setting up multiple dashboards, and we were impressed with the simplicity of setup and how you had complete control over content and layout.
Another area we here at SC Labs put great importance on is documentation and support, and here CorreLog delivers. With great content links spread across the dashboard, you can find just about anything you need to know. If you do find yourself looking for a bit more focused support, they also offer a web support portal and a community portal. While looking through the community portal, we were able to see users on the system sharing different customized scripts that can be implemented to help pull data from other sources. CorreLog also has a general blog that discusses product improvements as well as updated information on emerging threats.
CorreLog's SIEM Correlation Server is a perfect fit for companies of any size, and at a starting price of $5,000 USD for the software package, this is a product worth investigating. With their focus on compliance tasks, this solution is a great starting point for understanding where your security gaps are. Supporting a large range of client operating systems, this system will fit well into any industry, especially those with legacy equipment (Windows XP/Server 2003 are supported).
- Michael Diehl with Dan Cure;
tested by Matt Hreben and Michael Diehl