Log Management

Service Summary

Log management is a security service which collects log files (authentication, system, application, etc.) in near real time. These logs allow our security information and event management (SIEM) tool to make correlations and provide insights that are usually lost in the volume of log data received. This intelligence is helpful in security work, auditing, and general IT troubleshooting.

There are currently four Log Management service offerings: send logs, get privileged account alerts and/or reports, become a SIEM power user, and custom request.

Systems that contain Confidential or restricted information are required to align with Critical Security Controls (CSC) #6, which is a set of security best practices around log management. For other applications and systems, this service is recommended. By subscribing to Log Management, getting privileged account alerts and/or reports, and following our recommendations, you will align with CSC #6. Alternately, if you do not wish to subscribe to the service, you can meet the criteria defined in CSC #6 through your own means.

Features & Functions

  1. Sending Logs: Sending logs is a low-effort step that System, Database, and Application Admins and owners can take to help safeguard their assets and improve campus security as a whole. For this service, you are providing data to the Core Tech Security team and will only be contacted by security in the event of an issue.
  2. Get Alerts and/or Reports: To get alerts (near real time) or reports (at a designated frequency), Security must be receiving your logs and will need to know which privileged accounts you want reports and/or alerts on and the parameters. For instance, you may want to know if anyone logs into a certain user account, logs in from outside the US, logs in outside of certain working hours, etc.
  3. Make Me a Power User: Becoming a power user in our SIEM, Accelops, will allow you to customize alerts and reports to your needs. This option is for experienced users who are looking to tailor SIEM features for use by their assets or group. The security team provides a UCSC-specific user guide for the SIEM tool and can provide training customized to your needs upon request.
  4. Custom Request or Consulting Request: Custom requests are for anything SIEM related that is not defined above. We are in the early implementation of this tool and are barely scratching the surface of its capabilities. Here are our current capabilities and the defined roadmap for this tool. We are always interested in how users want to use the tool and the problems they are trying to solve, so feel free to send your request and we will be glad to evaluate it or advise if it can be added to the roadmap.
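As an added illustration (not part of this service page or of the Accelops SIEM), the privileged-account alert rule described in item 2, run over constructed sshd log lines; the account list, working-hours window and IP-to-country table are assumed placeholders for what you would give the security team as alert parameters:

```python
# Added example, not part of the UCSC page: the privileged-account alert rule the
# page describes, run over constructed sshd log lines. The account list, working
# hours, and the IP-to-country table are assumptions standing in for real config.
import re
from datetime import datetime

PRIVILEGED = {"root", "dbadmin"}            # accounts to watch (assumed)
WORK_START, WORK_END = 8, 17                # 8AM-5PM working hours (assumed)
IP_COUNTRY = {"128.114.0.5": "US", "203.0.113.9": "AU"}  # stand-in GeoIP lookup

LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<ip>[\d.]+)")

def alert_reasons(ts, user, ip):
    """Return which alert parameters a privileged login trips (empty if none)."""
    reasons = []
    if user not in PRIVILEGED:
        return reasons
    if ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END):
        reasons.append("outside working hours")
    if IP_COUNTRY.get(ip, "unknown") != "US":     # unknown origin is treated as foreign
        reasons.append("outside the US")
    return reasons

def scan(lines):
    """Parse each log line and return (user, ip, reasons) for every alerting login."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:                               # not an accepted-login line; skip
            continue
        reasons = alert_reasons(datetime.fromisoformat(m["ts"]), m["user"], m["ip"])
        if reasons:
            hits.append((m["user"], m["ip"], reasons))
    return hits

SAMPLE_LOGS = [  # constructed sample lines; 2024-03-09 is a Saturday
    "2024-03-05T10:15:02 host1 sshd[2231]: Accepted publickey for root from 128.114.0.5 port 5022",
    "2024-03-05T23:40:11 host1 sshd[2299]: Accepted password for root from 128.114.0.5 port 5100",
    "2024-03-06T11:02:45 host2 sshd[3120]: Accepted publickey for dbadmin from 203.0.113.9 port 6010",
    "2024-03-06T12:30:00 host2 sshd[3150]: Accepted publickey for alice from 203.0.113.9 port 6020",
    "2024-03-09T09:00:00 host1 sshd[4000]: Accepted publickey for root from 128.114.0.5 port 7000",
]

if __name__ == "__main__":
    for user, ip, reasons in scan(SAMPLE_LOGS):
        print(f"ALERT {user}@{ip}: {', '.join(reasons)}")
```

In a real deployment the SIEM evaluates rules like this continuously against the collected stream, which is why the alerts described above can arrive at any hour.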

Eligibility for Service

University owned, managed or affiliated systems are eligible for this service. The service can be requested by anyone who is an application or system owner or has a need to know. System owner verification is required.

Requesting the Service

Please note this is a short-term process. We are awaiting a service creation in IT Request or a web form.

A user should request their desired service via IT Request (Get Help). For the service, select Security (Physical, IT & Policy) and Log Management, as seen in Figure 1 below. In your message, please indicate the service you desire, your role, host and IP, the log types you are interested in, and any other information you see fit. Services available are send logs, get privileged account alerts and/or reports, become a SIEM Power User, and Custom Request.

Figure 1 (image not reproduced)

Your IT Request will be assigned within eight working hours. You will be contacted for additional information if needed.

Availability, Metrics & Statistics

The Security Service Team availability is typically Monday-Friday, 8AM-5PM. However, logs are collected in near real time and should not interfere with business operations. Alerts are sent in near real time, so they can occur at any time. Power users can also access the SIEM at any time.

Self-Service Support

  • For detailed help on submitting logs, look at our guide. Here are our current capabilities and the defined roadmap for this tool.
  • Thinking about how you can leverage this tool? Check out this article for ideas on different logs to capture!
  • For more information on how our log management service aligns to best practice guidelines (Critical Security Controls), click here.
  • The security team provides a UCSC-specific user guide for the SIEM tool and can provide training customized to your needs upon request.

Getting Help

For other issues or help, please create a support ticket in IT Request. Select Security (Physical, IT & Policy) for the service and Log Management for the System/Application, as seen in Figure 2 below.

Figure 2 (image not reproduced)

Your IT Request will be assigned within eight working hours. You will be contacted for additional information if needed.

Cost

This service is campus funded, so there is no charge to you. Costs (charge-back) may be incurred for any non-standard or in-depth consultation or special request.