Eastwind for Logs provides centralized visibility, threat analysis, and user and entity behavioral analytics to identify malicious activity, insider threats and data leakage within your environment, whether it is a traditional or a hybrid one. Eastwind for Logs enables organizations to centralize logs from multiple sources quickly and easily.
At its core, Eastwind is powered by the Breach Analytics Cloud. This solution enables cyber defenders to hunt, analyze and visualize all activity relevant to your enterprise. Eastwind provides a comprehensive array of sensors and applications that gather, enrich and analyze telemetry from all areas of your cyber terrain, including SaaS, IaaS, DNS, hybrid networks and all users on and off premises. The result is breach analytics at speed and scale, accelerating incident response and forensics.
- Support for cloud infrastructure providers: Amazon CloudTrail, Google Stackdriver and Microsoft Azure
- Support for Windows and Linux
Monitor the following types of events:
- Administrative and API access to cloud environments
- Network access control lists changes
- IAM policy changes
- Compute instance changes
- VPC changes
- Security group changes
- Cloud storage activity
- Authentication – failed/successful/brute force/directory harvest
- Anomalous user behavior – geo/irregular hours
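The event categories above map directly onto detections a defender can run over centralized cloud audit logs. The following is an added example, not Eastwind's own code, that categorizes configuration changes (IAM policy, security group, network ACL, VPC and compute instance events) in AWS CloudTrail-shaped records and applies a sliding-window brute-force check to console login failures. The log lines are constructed for the example (all IPs, user names and timestamps are made up); the `eventName` values are real CloudTrail API action names, but the category grouping, thresholds and window are assumptions chosen for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records shaped like AWS CloudTrail events (all values are made up).
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"eventTime": "2024-03-01T09:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"userName": "alice"}},
    {"eventTime": "2024-03-01T09:01:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"userName": "alice"}},
    {"eventTime": "2024-03-01T09:02:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"userName": "alice"}},
] + [
    # Six console login failures from one address within a single minute.
    {"eventTime": f"2024-03-01T10:00:{s:02d}Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"userName": "bob"},
     "responseElements": {"ConsoleLogin": "Failure"}}
    for s in range(0, 60, 10)
] + [
    {"eventTime": "2024-03-01T11:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"userName": "carol"},
     "responseElements": {"ConsoleLogin": "Success"}},
])

# Assumed grouping of CloudTrail API action names into the monitored change categories.
CATEGORIES = {
    "IAM policy change": {"AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy",
                          "PutRolePolicy", "CreatePolicy", "DeletePolicy"},
    "Security group change": {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
                              "RevokeSecurityGroupIngress", "CreateSecurityGroup",
                              "DeleteSecurityGroup"},
    "Network ACL change": {"CreateNetworkAclEntry", "ReplaceNetworkAclEntry",
                           "DeleteNetworkAclEntry", "DeleteNetworkAcl"},
    "VPC change": {"CreateVpc", "DeleteVpc", "ModifyVpcAttribute"},
    "Compute instance change": {"RunInstances", "TerminateInstances", "StopInstances",
                                "ModifyInstanceAttribute"},
}


def parse_events(text):
    """Parse newline-delimited JSON records into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def categorize(event):
    """Return the monitored category for an event, or None if it is not a tracked change."""
    name = event.get("eventName")
    for label, names in CATEGORIES.items():
        if name in names:
            return label
    return None


def configuration_changes(events):
    """List (time, user, category, eventName) for every tracked configuration change."""
    hits = []
    for e in events:
        label = categorize(e)
        if label:
            user = e.get("userIdentity", {}).get("userName", "?")
            hits.append((e["eventTime"], user, label, e["eventName"]))
    return hits


def auth_outcomes(events):
    """Count successful and failed console logins."""
    counts = {"Success": 0, "Failure": 0}
    for e in events:
        if e.get("eventName") == "ConsoleLogin":
            outcome = e.get("responseElements", {}).get("ConsoleLogin")
            if outcome in counts:
                counts[outcome] += 1
    return counts


def brute_force_sources(events, threshold=5, window=timedelta(minutes=10)):
    """Map source IP -> peak number of login failures seen inside any sliding window.

    Only sources reaching `threshold` failures within `window` are returned.
    """
    failures = defaultdict(list)
    for e in events:
        if (e.get("eventName") == "ConsoleLogin"
                and e.get("responseElements", {}).get("ConsoleLogin") == "Failure"):
            t = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            failures[e["sourceIPAddress"]].append(t)
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for hit in configuration_changes(events):
        print("config change:", hit)
    print("logins:", auth_outcomes(events))
    print("brute force sources:", brute_force_sources(events))
```

The sliding window keeps the check linear in the number of failures per source and avoids the fixed-bucket problem where a burst straddling two buckets goes unflagged; in a real deployment the threshold and window would be tuned to the environment's baseline.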