Log Correlation

Overview

The Log Correlation Program is an enterprise-grade audit logging and analysis software solution (based on HP ArcSight), to aid in managing, correlating, and detecting suspicious activities related to the campus' most critical data assets. All systems which meet the classification standard as an Institutional Device for Protection Level 2 data are eligible to participate in the program.

This service's detection capabilities enable us to collect, correlate, and report on security events from critical data assets in real time and to alert technical contacts to unusual or unauthorized activity immediately. The ArcSight infrastructure allows us to make real-time correlations across multiple dimensions (identity, vulnerability, asset, time, patterns and other events) and across a wide variety of both local and campus-wide log sources, including:

  • Local system and application logs
  • Central campus firewall logs
  • CalNet authentication events
  • Intrusion detection alerts
  • Vulnerability scanning results

These advanced correlations allow our security analysts to rapidly detect whether a system has been successfully attacked or is currently being probed for an attack, and to identify advanced threats before they cause serious damage.

How to Get Started

Please email security@berkeley.edu if you support systems and applications involving PL2 data and you would like to get started with our Log Correlation services.
