tacLOM Event Packs

The monitoring software tacLOM supports a security engineer in the analysis of log data. For this purpose tacLOM works with events and event packs.

What is an event?

An event in tacLOM is a log message generated by the system in response to specific log events. Each event always stores a reference to the log lines that triggered it, so that the raw data can be accessed quickly during later analysis.

What is an event pack?

A complex set of rules defines when an event occurs and what it looks like. Event packs extend this set of rules with entire collections of rule definitions for a standard product. The available event packs can be displayed in the tacLOM GUI and selectively activated or deactivated.

The number of event packs is constantly increasing. As more and more customers recognize the benefits of event packs, terreActive has pushed ahead with development for further products. The current list of available event packs:

Airlock IAM
Airlock WAF
BeyondTrust Secure Remote Access
Check Point Firewall
Cisco Duo
Cisco IOS, NX-OS, ASA, WLC
Cisco ISE
Citrix NetScaler
Citrix StoreFront
Fortinet Fortigate 5.4
Generic
HP iLO
HP vSentry
Infoblox DDI
Ipswitch WS_FTP
Juniper NetScreen Firewalls / ScreenOS
McAfee Endpoint Security
McAfee ePolicy Orchestrator
Microsoft Exchange
Microsoft IIS 7.0 and higher
Microsoft IIS access logs for IIS 6.0 and higher
Microsoft Network Policy Server
Microsoft SQL Server 2005 and higher
Microsoft Sysmon
Microsoft System Center Endpoint Protection
Microsoft Windows (incl. Active Directory)
Microsoft Windows Defender
NetMotion VPN
NXLog
One Identity Safeguard for Privileged Sessions
Palo Alto Networks Firewalls running PAN-OS 7.0 and higher
Palo Alto Traps
Pulse Connect Secure
Riverbed RiOS
Sophos XG Firewalls
Symantec Endpoint Protection
tacLOM
tacTFX
terreActive UCTesting
Trend Micro Deep Security
Trend Micro OfficeScan Corporate Edition
Trend Micro Scanmail for Exchange
UNIX/Linux
Vectra Networks Cognito
VMware ESX/ESXi
VMware vCenter

Software made in Switzerland: tacLOM is a Swiss product. The software development department of terreActive is based in Aarau and can react quickly to the needs of local companies.