Security, et al

Randy's Blog on Infosec and Other Stuff

«  Epic Fail on Intuitive Us... | Chances are Someone is Tr... »

LOGbinder SQL Released!

Tue, 01 May 2012 15:37:35 GMT

I am excited to announce the release of our latest audit logging agent over at LOGbinder.com...

Introducing LOGbinder SQL

Our LOGbinder SQL agent enriches SQL Server’s cryptic and generic audit messages to produce easy-to-understand audit log events. Similar to LOGbinder SP, these events can be output to the Security log a custom Windows event log, where any log management or SIEM solution can collect, alert, report, and analyze.

SQL Server Audit Log Processing

SQL Server 2008 introduced a totally new audit logging facility which is critical to enterprises storing sensitive information and/or processing important transactions in today’s demanding compliance environment.

SQL Server Audit is flexible in terms of audit policy and comprehensive in relation to the breadth and depth of objects and actions that can be audited. However, the audit data generated by SQL Server needs additional refinement and processing before it can be relied upon as a usable audit trail and managed by your existing log management/SIEM solution.

Refines the cryptic SQL audit log

The audit records generated by SQL Server audit are cryptic and difficult to understand. Basically, one log record format is used for documenting everything from an insertion on a table to a modification of a stored procedure. And while SQL Server can write events to the security log, it uses the same event ID for all events, and the IDs and keywords are not resolved. Thus, it requires in-depth knowledge of the SQL audit model in order to decipher events.

  

Frees SQL audit logs from their proprietary format

The preferred and highest performance option for audit log output results in a proprietary file format that cannot be parsed by log management/SIEM solutions using typical text log file-based parsing engines.

Our new LOGbinder SQL agent processes the proprietary formatted SQL Server audit log and enriches SQL Server’s cryptic and generic audit messages to produce an easy-to-understand audit log event which then outputs to the Windows event log, where any log management or SIEM solution can collect, alert, report, and analyze.

Enriches SQL audit logs without impacting SQL Server performance

LOGbinder SQL can be installed either on the SQL server itself or, to eliminate any impact on business database functions, you can deploy a separate server with the LOGbinder SQL agent, processing audit logs from multiple SQL Servers via share folders.

Connects SQL Audit to Your SIEM

LOGbinder SQL fills a critical gap between enterprise database servers and audit log management solutions, allowing you to obtain a clearly-written and easy-to-understand audit log that is accessible to your existing log management solution. Similar to our efforts with LOGbinder SP, we will be working with log management and SIEM solution providers to build recommended alerts and reports into their systems for SQL server audit logs processed by LOGbinder SQL.

 

Download LOGbinder SQL Now!

Or if you want further information on this new solution, please contact sales .

email this digg reddit dzone
comments (0)references (0)

Related:
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
LOGbinder SQL Beta is released! Join beta testers now
How to Audit Privileged Operations and Mailbox Access in Office 365 Exchange Online
Release of LOGbinder SP 3.0

Comments disabled

powered by Bloget™

Search


Categories
Recent Blogs
Archive


 

Upcoming Webinars
    Additional Resources