Cloud security

Nava SIEM Agent 1.2: AWS CloudTrail and Syslog output

Announcing Nava SIEM Agent 1.2. The industry’s leading tool for cloud compliance, audit analytics, cloud forensics, and data retention now supports a fuller set of features, including support for Amazon AWS CloudTrail and Syslog. 

Today we’re releasing Nava SIEM Agent 1.2. This version supports long-awaited functionality, including support for Amazon CloudTrail and output to Syslog.

Amazon AWS and Google Apps are two of the most popular cloud services that offer an API or method of retrieving audit logs. With this release we’re taking another step toward our commitment to provide a universal cloud logging solution.

Nava SIEM Agent is the industry’s only log management tool with full support for Google Apps and Amazon S3. Use it to bring your cloud audit logs into your SIEM solution or achieve Google Apps HIPAA compliance. Give it a try today.

Feature Diagram
Here is a diagram of current functionality:

New Feature Details
Amazon AWS CloudTrail
If you use Amazon AWS, then you should be interested in a new service called CloudTrail. All API calls (for supported services) within AWS are logged and available for retrieval and processing. Nava SIEM Agent already supported Amazon S3 (cloud storage) access logs, but the addition of CloudTrail provides unprecedented visibility into the AWS stack and how you use it.
Currently, the following AWS services are supported as part of CloudTrail (new AWS services are being added):

Amazon Elastic Compute Cloud (Amazon EC2)
Amazon Elastic Block Store (Amazon EBS)
Amazon Elastic MapReduce (Amazon EMR)
Amazon Kinesis
Elastic Load Balancing (ELB)
Amazon Redshift
Amazon Relational Database Service (Amazon RDS)
Amazon Virtual Private Cloud (Amazon VPC)
Amazon Simple Workflow
AWS CloudFormation
Amazon […]

Nava SIEM Agent 1.1 – Retrieve, retain, and analyze cloud audit logs

We’re happy to announce an update to Nava SIEM Agent, our cloud security and audit log retrieval solution. Since Nava SIEM Agent is a relatively new product, we want to answer some frequently asked questions about it in this post.

Many of the changes in this release (Nava SIEM Agent 1.1) are internal but important, including:

Updated to work with the latest version of the Google Admin SDK libraries
Ability to use “Service Account” authentication as opposed to 3-legged OAuth
Selective backlog retrieval

The changes will cumulatively result in better security, improved stability, and scalability to millions of events. For full release notes, please visit this page: Nava SIEM Agent 1.1 release notes.
What are some common use cases for Nava SIEM Agent?
There are several reasons why you might use it:

Google Apps retains audit logs only for 180 days, after which they are gone.
Help perform IP reputation analysis, by comparing IP addresses in audit logs with a database of known malicious IPs.
Help perform offline forensics, without requiring access to the cloud provider.
Help aggregate logs in a centralized logging server.