Log Correlation

What We Do

Information Security and Policy (ISP) has implemented the Log Correlation Program, an enterprise grade audit logging and analysis software solution (based on HP ArcSight), to aid in managing, correlating, and detecting suspicious activities related to the campus' most critical data assets. All systems which meet the classification standard as an Institutional Device for Protection Level 2 data are eligible to participate in the program.

Why We Do It

This service's advanced detection capabilities enable ISP to collect, correlate, and report on security events from critical data assets in real time, so that ISP can alert technical contacts of unusual or unauthorized activities immediately. The ArcSight infrastructure allows us to make real-time correlations across multiple dimensions (identity, vulnerability, asset, time, patterns and other events) and a wide variety of both local and campus-wide log sources, including:

  • Local system and application logs
  • Central campus firewall logs
  • CalNet authentication events
  • Intrusion detection alerts
  • Vulnerability scanning results

These correlations allow ISP security analysts to rapidly detect whether a system has been successfully attacked or is currently being probed, and to detect advanced threats before they cause serious damage.
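As an added illustration (not part of the ISP service description and not ArcSight's own logic), the following Python sketch shows the kind of multi-dimensional correlation described above: constructed sample events from the listed source types are joined on asset, identity and time, and a standing vulnerability finding raises the weight of an IDS alert on the same asset. Source names, scoring weights and the five-minute window are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real campus data), already normalised to a
# common tuple: (timestamp, source, asset, identity, detail).  Asset, identity
# and time are the correlation keys; the vulnerability scan result is treated
# as standing state for the asset rather than as a timed event.
EVENTS = [
    ("2024-03-01T09:40:00", "vulnscan", "db-01", None, "unpatched sshd (finding id: placeholder)"),
    ("2024-03-01T10:00:05", "firewall", "db-01", None, "ACCEPT tcp/22 from off-campus"),
    ("2024-03-01T10:00:07", "ids", "db-01", None, "ssh brute-force signature"),
    ("2024-03-01T10:00:40", "calnet", "db-01", "jdoe", "authentication success"),
    ("2024-03-01T10:01:02", "syslog", "db-01", "jdoe", "sudo session opened"),
    ("2024-03-01T14:00:00", "calnet", "web-02", "asmith", "authentication success"),
]

def correlate(events, window=timedelta(minutes=5)):
    """For every IDS alert, collect events from other sources on the same asset
    within +/- window, and weight the result by how many independent dimensions
    (log source, identity, known vulnerability) corroborate it."""
    by_asset = defaultdict(list)
    for ts, source, asset, identity, detail in events:
        by_asset[asset].append((datetime.fromisoformat(ts), source, identity, detail))
    alerts = []
    for asset, evs in by_asset.items():
        vuln_known = any(src == "vulnscan" for _, src, _, _ in evs)
        for t0, src, _, detail in evs:
            if src != "ids":
                continue
            related = [e for e in evs
                       if e[1] not in ("ids", "vulnscan") and abs(e[0] - t0) <= window]
            sources = {e[1] for e in related}
            identities = {e[2] for e in related if e[2]}
            # One point for the alert itself, one per corroborating source,
            # two if the asset has an open finding, one if a user identity is tied in.
            score = 1 + len(sources) + (2 if vuln_known else 0) + (1 if identities else 0)
            alerts.append({
                "asset": asset, "at": t0.isoformat(), "trigger": detail,
                "corroborating": sorted(sources), "identities": sorted(identities),
                "vuln_known": vuln_known, "score": score,
                "severity": "high" if score >= 5 else "medium" if score >= 3 else "low",
            })
    return sorted(alerts, key=lambda a: -a["score"])

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

With the constructed input, only db-01 produces an alert: the IDS signature is corroborated by the firewall accept, the CalNet login and the local sudo record, all tied to one identity on a host with an open finding, so it scores high, while the isolated login on web-02 produces nothing.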

Who Benefits

All systems which meet the classification standard as an Institutional Device for Protection Level 2 data are eligible to participate in the program. This program benefits campus administrators meeting policy requirements to protect PL2 data, and by offering enhanced detection, protects the privacy of individuals with sensitive information on campus information technology systems.

How to Get Started

Please email security@berkeley.edu if you support systems and applications involving PL2 data and you would like to get started with our Log Correlation services.
