LOGbinder Blog

Updates, Tips and News   RSS Feed  

«  November 2014 LOGbinder N... | Comparison: SQL Server Au... »

October 2014 LOGbinder Newsletter: Feedback Makes Customer Happy; New SIEM integrations

Thu, 30 Oct 2014 11:04:20 GMT
Remember when we said that we loved feedback and wanted to hear from you about the pain points? Here's an example of what we try to do when you send us that feedback. We got a call from a LOGbinder SQL customer with a production environment problem that didn't show up during his evaluation in a test environment. While diagnosing the problem (it turned out to be a GPO issue at the customer's location) we saw that the input window was too narrow to display all of the long file name, which was a major pain. Our development team made the correction to the source code and we got the new bits to the customer that same day! The customer was happy, and the developers got the satisfaction of delivering a solution that made a real difference.

So please keep that feedback coming. We sweat even the small stuff if it helps you get application security intelligence where you need it – your SIEM.

People who speak our language

LOGbinder has some great value-added resellers who speak our language. They totally get that your SIEM needs to have application security intelligence. And many of them are translating LOGbinder sales material into languages other than English.

If you or a colleague prefer German for example, click Innovative SIEM-Integration von Microsoft-Daten to get what our VAR in Germany, iT-CUBE has put together. It's great!

IT Guard also has translated our sales materials in to Russian to get the word out in that country. They have done a great job with their web site.

If you like your English with an Australian accent, you can't do better than talk applications security intelligence with the SIEM experts at Shelde. In fact, you North American and European readers, when you can't sleep for thinking about a SIEM issue, chances are the Shelde guys down under are just starting their day and would love to help.

Our sales team is working to form partnerships with smart security consultants and resellers all over the globe. Do you have a firm you like to work with that we should know? Tell us.

Tech Tip: Why i:0#.w| in front of user names in LOGbinder SP?

The other day someone asked why LOGbinder SP puts the characters ” i:0#.w| ” in front of the usernames. For example, instead of LB\capt.kirk ” as the username, it would show i:0#.w|LB\capt.kirk ”.

LOGbinder does not do this; it actually comes from SharePoint. This is how SharePoint 2010 and SharePoint 2013 encodes identity claims. It's SharePoint's way of representing the authentication method used in SharePoint. Here is an article on what it means: http://social.technet.microsoft.com/wiki/contents/articles/13921.sharepoint-2013-claims-encoding-also-valuable-for-sharepoint-2010.aspx

New SIEM integrations are publicly available

Many SIEM product developers have recently told us about new integrations for LOGbinder solutions. We're going to be telling everybody about these developments as soon as the documentation is complete. In the meantime, here are the highlights about what's new:      
  • Logpoint has fully integrated all 3 of the LOGbinder products.
  • LogRhythm has completed their 2nd LOGbinder integration, the one for LOGbinder EX and they are working on the LOGbinder SQL integration.
  • McAfee ESM is now fully supporting all three LOGbinder products.
  • IBM's QRadar product team approved our LEEF implementation. (see note below) QRadar now has integration for LOGbinder SP and LOGbinder EX and are working on an integration for LOGbinder SQL.
  • Solarwinds has also completed their 2nd LOGbinder integration for LOGbinder EX and plan to work on LOGbinder SQL integration.
  • Our Splunk app for LOGbinder is in beta testing. Let us know if you want to kick the tires.
Note: All 3 LOGbinder products now in beta have LEEF output options. We expect to release these new versions publicly within the next 2 weeks.

Of course, LOGbinder works with any SIEM, and we have Recommended Rules and Alerts for all our products to help users when no custom integration exists for their SIEM. (Click here to get them.)

Options for SQL Server auditing

We know this is a huge topic. We sponsored an Ultimate Windows Security webinar about SQL Server auditing on October 16 that had one of the biggest registration and attendance counts of the year. Apparently more and more, people focus on getting SQL Server audit done right. If you missed the webinar, you can still get the information. If you or someone you know needs to get up to speed on SQL Server audit click here to get the recorded version. The recording captures all of the good questions and answers.

Don't forget to check out our blog post comparing SQL Trace to SQL Audit. It's great info.

Did we say that the Splunk app is ready for beta testing?

The new Splunk app for LOGbinder is available if you want to try it out. We'd love to hear some feedback from more beta testers.

Comments disabled

powered by Bloget™