![]() ![]() The software within the logical cryptographic boundary consists of all software assemblies for the System Monitor Agent component and cryptographic service provider from the operating system. Its physical boundary is the enclosure of the standalone GPC on which the Agent runs. The Windows System Monitor Agent cryptographic module is a software module. The System Monitor Agent cryptographic module was tested on an 圆4 processor. The System Monitor Agent operating system is Windows Server 2008 R2 SP1. System Monitor Agent runs on a general purpose computer (GPC). An Agent also can collect log data (for example, from Windows Event Logs and SQL Trace files). Remote hosts and devices can send logs to an Agent (for example, as syslog messages). A Windows System Monitor Agent is service that collects log data and forwards the data to a Log Manager for processing and analysis. In particular, these services support secure communication with a LogRhythm Log Manager component. Overview The LogRhythm Windows System Monitor Agent cryptographic module provides cryptographic services to a Windows System Monitor Agent. The module relies on the Microsoft Windows Server 2008 R2 Cryptographic Primitives Library (bcryptprimitives.dll) (certificate #1336) cryptographic module. This module is validated at Security Level 1 as a multi-chip standalone module. It covers the secure operation of the System Monitor Agent cryptographic module including initialization, roles, and responsibilities for operating the product in a secure, FIPS-compliant manner. This document describes the security policy for the LogRhythm Windows System Monitor Agent cryptographic module. System Monitor Agent, Log Manager, AI Engine Server, Event Manager, and Console each include a cryptographic module. It stores configuration information in SQL Server databases on Event Manager. LogRhythm stores log data in SQL Server databases on Log Manager and Event Manager. LogRhythm relies on Microsoft SQL Server. ![]() Console also is used to manage LogRhythm deployments. LogRhythm Console provides a graphical user interface (GUI) to view log messages, events, and alerts. Event Manager analyzes events and provides notification and reporting. An AI Engine Server analyzes log metadata for complex events, which it may forward to Event Manager. A Log Manager may forward log metadata to an AI Engine Server and may forward significant events to Event Manager. Each Log Manager aggregates log data from System Monitor Agents, extracts metadata from the logs, and analyzes content of logs and metadata. Each System Monitor Agent collects log data from network sources. A LogRhythm deployment is made up of System Monitor Agents, Log Managers, Advanced Intelligence (AI) Engine Servers, Event Manager, and Consoles. It is a distributed system containing several cryptographic modules, which support secure communication between components. Introduction LogRhythm is an integrated log management and security information event management (SIEM) solution. Introduction Overview Ports and Interfaces Modes of Operation Module Validation Level Roles Services User Services Crypto Officer Services Policies Security Rules Identification and Authentication Policy Access Control Policy and SRDIs Physical Security Crypto Officer Guidance Secure Operation Initialization Rules Approved Mode Mitigation of Other Attacks Terminology and Acronyms References of 23Ĥ 1. All other company or product names mentioned may be trademarks, registered trademarks, or service marks of their respective holders. Trademark LogRhythm is a registered trademark of LogRhythm, Inc. shall not be liable for any direct, indirect, incidental, consequential, or other damages alleged in connection with the furnishing or use of this information. ![]() specifically disclaims the implied warranty of merchantability and fitness for a particular purpose. makes no warranty of any kind with respect to this information. Disclaimer The information contained in this document is subject to change without notice. No part of this Guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than what is permitted in the Agreement. This Software may be used or copied only in accordance with the Agreement. The Software described in this Guide is furnished under the End User License Agreement or the applicable Terms and Conditions ( Agreement ) which governs the use of the Software. This document contains proprietary and confidential information of LogRhythm, Inc., which is protected by copyright and possible non-disclosure agreements. 1 FIPS Security Policy LogRhythm or Windows System Monitor Agent LogRhythm, Inc Pearl East Circle Boulder, CO Document Version 2.0 Module Versions or of 23Ģ Copyright 2012, 2015 LogRhythm, Inc. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |