Morgan Holm

Cygna Labs Adds SIEM Event Forwarding and Identity Grouping Features to Cygna Auditor Version 2.0

 

Cygna Labs releases a new version of Cygna Auditor (v 2.0.380) that implements event forwarding to SIEM systems as well as an account mapping feature that allows for the grouping of an individual’s user accounts from multiple on-prem and cloud systems to a searchable identity.

SIEM Forwarding

The need for organizations to understand what is happening in their on-prem and cloud environments has become increasingly important to detect insider threats, breaches, and cyber-attacks. Auditing and alerting on suspicious activities are critical to aid in detection and to minimize the impact. The newest release of Cygna Auditor adds the ability to forward plain language events to SIEM systems in a standard syslog format or structured view. This simplifies the understanding and consumption of the audit information for operational and security teams to make decisions and react quickly. The structured view normalizes the audit data in the SIEM by the who (account that made the change), what (the object/attribute that was changed with before and after values), where (the system where the change was applied) and when (the time the change was made).  Essentially Cygna Auditor provides SIEM systems a data translation layer service that converts non-human readable raw log data into plain language values as they occur.

 

 

Cygna Identity

Many organizations have a multitude of systems and applications that do not share a single identity store. Some systems are required to be separate due to regulatory or geopolitical reasons and as such, a single admin or user may have numerous separate user accounts to use or manage these systems. The new 2.0 release of Cygna Auditor has a new feature called Cygna Identity to unify these accounts. This feature provides the ability to group multiple user accounts from hybrid and multi cloud systems to a single searchable identity. No other auditing solution currently provides a single view of the individual’s activities across these separate accounts.  The new Cygna Identity feature enables organizations to quickly see an individual’s activities across multiple accounts.

 

Additional 2.0 Features

  • PBMS Connector AD Delegation and Scoping
    • Active Directory delegation and scoping will now also apply to AD audit data from the PBMS connector
  • RSAT Extensions (Remote Server Administration Tools)
    • Integration into ADUC and GPMC consoles to be able to launch a Cygna audit trail or perform a rollback from these native administration tools through context sensitive menu options
  • Daily Status Emails
    • Anonymized system status emails that can be sent to administrators, integrators or partners to inform on high level system function and performance

 

Stay tuned for additional blog posts that will go into greater detail on the SIEM forwarding and Cygna Identity features.