The Log Correlation Engine, aggregates, normalises, correlates and analyses event log data from the myriad devices within your infrastructure. Since the Log Correlation Engine (LCE) is closely integrated with the Security Centre, you can centralise both log analysis and vulnerability management for a complete view of your enterprise's security.
Each Security Center can manage one or more LCEs. Each LCE can receive system logs, netflow, IDS event, firewall, honeypot and many other types of records. Security Centre users automatically only see LCE events they are authorised to see.
When an LCE receives a log, it normalises it and then performs highly customisable behavioral profiling and event correlation. Each LCE also enables the Security Centre to perform high speed analysis and reporting for many types of events.
An LCE software license is priced on a per installation basis with no limitations on the size of hard drive, number of collecting agents, events-per-second or database licenses. All LCE licenses are sold as upgrades or add-ons to an existing Security Centre. All LCEs support advanced event correlation, statistical anomaly detection and full log search.
