NTT Security ActiveGuard Investigator provides cloud-based, real-time access to raw log data to enable efficient investigations and support security, IT and business initiatives. ActiveGuard Investigator is available as a value-added service for our Security Log Monitoring and Log Management clients.
System logs provide organizations with a wealth of information about their IT infrastructure. This information, however, is often difficult to access, requires support from IT staff and is only used in the event of a compliance audit or security incident.
With easy access and fast search capability, system log data can become an asset for the security team, the IT team and the rest of the organization.
As ActiveGuard collects and analyzes logs, a copy of the raw logs is archived in a secure, cloud-based and forensically sound log repository. Clients have access to those logs through the ActiveGuard Portal without the need for additional on-premises equipment or an up-front capital investment.
Making log data more accessible enables data mining of the logs for efficient security and compliance incident investigations. It also supports the measurement of security controls, IT programs and business adoption. Search results can be filtered and exported in bulk to .XLS format for further analysis.
ActiveGuard Investigator helps clients to:
ActiveGuard Investigator is built on a big data infrastructure, including Hadoop™ for storing large data sets, MapR™ for efficient queries, Elasticsearch® for indexing and Apache Lucene™ for simple and complex searches. These components allow for fast, flexible searches, delivering query results in seconds. Users can create queries using Boolean and wildcard searches.
ActiveGuard Investigator Datasheet