EMCA Software is a Polish developer of solutions for monitoring IT infrastructure and network security. Experience in IT consulting for large companies in the energy and public utility sector has led to the conclusion that clients often prefer open-source software. This is particularly relevant for such a critical topic as infrastructure monitoring where any failure can have consequences for everyday life.
Thus, the main goal for Energy Logserver solutions is to simplify the configuration and to adapt IT tools to the individual needs of the company. The vendor's portfolio includes innovative solutions that allow you to centralize IT system events, instantly view logs, collect, structure, and visualize huge amounts of system data.
The solutions offered by the producer include:
- Log Management — a tool for centralizing events and collecting logs.
- Network Analysis — allows you to analyze and correlate network traffic with network packets.
- SIEM — a tool capable of detecting, warning, and pointing out threats in IT architecture.
- Business Analytics — provides clear and transparent aggregation of data.
The solution will be a good choice
- For companies using SIEM — Vendor Log Management can be a complementary solution for their SIEM (basically, ELS takes X sources, matches them, and then passes those results to SIEM which carries out the final analysis).
- For companies not using SIEM, ELS SIEM is suitable with many playbooks and customization options.
- For Elasticsearch users, which is the base for the Energy Logserver, to upgrade the solution and expand its functionality.
Energy Logserver: scope and solution features
- Data Analysis from multiple sources
The Energy Logserver system based on the ELK Stack project is designed to receive almost any data from the IT environment. Depending on the requirements, data is collected both on an agent-based and agent-free basis. The solution has an extensive database of ready-made parsers, visualizations, and dashboards for the most popular IT technologies while ensuring the ease of integrating new technologies.
- Hazard alerts
Energy Logserver allows users to create alarms. This means that the system automatically monitors and responds to incoming data. In the Alert module, the user defines the data he wants to detect and then specifies the search criteria. If these criteria are met, an alert will be triggered to help notify the user or run a script.
The Advanced Alert Module allows you to work with any data in the system, being fully compatible with all other Energy Logserver modules.
- Object permission
Object management function. This allows you to restrict the access of certain users to objects in the system, that is, saved requests, visualizations, dashboards, and index templates.
Even in a very extensive system with a large number of users, this mechanism ensures data security, ease of management, individual settings, and centralization of objects.
What is most important, users can still use the full potential of the system, i.e. they can create visualizations, dashboards, or view data themselves. This is very important, especially when working with a business or analytical department, which usually has specific metrics to work with.
Energy Logserver allows you to create graphic visualization of data collected in indexes. All visualizations or entire dashboards are interactive. This means that we can adjust the request on an ongoing basis so that the presentation will touch the areas of our interest.
- Making report
The Energy Logserver reporting module allows you to create PDF documents from any visualizations and dashboards as well as export data directly from the Energy Logserver to HTML and CSV files. Reports generated in this way can be based on recent or historical data. The files are saved in the system, so they can be downloaded at any time until they are removed from the Energy Logserver.
- Internal review
Access to data is protected, an additional mechanism for tracking the work of application users has been introduced. All user actions are recorded in the audit index, which allows you to know:
- Who is authorized in the application
- How long it has been working
- What inquiries he conducted
- What kind of exports he made
- Whether he created new users and roles for them
- Whether he deleted users or roles for them
- Mobile app
The Energy Logserver mobile application is the first application on the market for users of ELK systems. It was created for administrators and managers who constantly need to know the state of their systems. The app provides access to Energy Logserver, Elastic Stack, and the free version of Kibana.
By logging into the system under your account, you can access the visualizations and dashboards assigned to users and their roles. Using the profile system, you can connect to different environments and accounts depending on your needs.
- Agent management
Energy Logserver can accept huge amounts of data from multiple hosts. However, if you connect more data sources to the system, it quickly turns out that we are going to face another challenge — data source management. Even a small configuration change in a class of tens or hundreds of servers can be tedious work that requires logging into each machine and manually changing the configuration.
Thus, Energy Logserver has centralized agent configuration management that allows remote configuration changes from the GUI level. Without having to log into the source server, the system can check or update the configuration on that server.
Products and Solutions
Deep analysis and correlation of netflow with network packets. The traffic collector will allow you to keep in sight a large amount of traffic from different sources, and a tool for its analysis will find and warn you about threats.
Collecting, sorting, storing, and processing huge logs data. By storing and correlating different reports from different systems with each other, you will gain a comprehensive understanding of the state of your own IT infrastructure.
Energy SOAR is advanced, business-driven solution, that allows the organizations to rapidly identify, investigate and automate as many business and IT processes as possible. Its hyperautomation involves the orchestrated use of multiple technologies, tools or platforms.