Security Management Solution 2.7.2 enhances forensic investigations of security events
ExaProtect announced Security Management Solution (SMS) version 2.7.2. This latest release further extends and enhances SMS's in-depth forensic analysis capabilities for security event and system logs with a new 'replay' mode.
Using the enhanced forensics capabilities of SMS 2.7.2, IT staff gain deeper insight when investigating security events, performing historical log analysis, or assessing the effects of changes to security policies and rule sets.
With the replay wizard, users can choose start- and end-times from which to replay event logs, and can also import and correlate new data or log sources to supplement those stored in SMS. This includes information that was not originally logged and stored by SMS as part of normal event management.
For example, a log of external IP addresses from which hacking attempts on the network were launched can be imported and correlated with stored data. This will then highlight any new alerts generated from correlation of the additional data — helping IT staff to pinpoint the origins of attacks. Users can also replay existing events with new or altered correlation rules, for simulation or forensic purposes.