Cygna Labs Adds SIEM Event Forwarding and Identity Grouping Features to Cygna Auditor Version 2.0
Jan 25, 2021
Cygna Labs releases a new version of Cygna Auditor (v 2.0.380) that implements event forwarding to SIEM systems as well as an account mapping feature that allows for the grouping of an individual’s user accounts from multiple on-prem and cloud systems to a searchable identity.
The need for organizations to understand what is happening in their on-prem and cloud environments has become increasingly important to detect insider threats, breaches, and cyber-attacks. Auditing and alerting on suspicious activities are critical to aid in detection and to minimize the impact. The newest release of Cygna Auditor adds the ability to forward plain language events to SIEM systems in a standard syslog format or structured view. This simplifies the understanding and consumption of the audit information for operational and security teams to make decisions and react quickly. The structured view normalizes the audit data in the SIEM by the who (account that made the change), what (the object/attribute that was changed with before and after values), where (the system where the change was applied) and when (the time the change was made). Essentially Cygna Auditor provides SIEM systems a data translation layer service that converts non-human readable raw log data into plain language values as they occur.
Many organizations have a multitude of systems and applications that do not share a single identity store. Some systems are required to be separate due to regulatory or geopolitical reasons and as such, a single admin or user may have numerous separate user accounts to use or manage these systems. The new 2.0 release of Cygna Auditor has a new feature called Cygna Identity to unify these accounts. This feature provides the ability to group multiple user accounts from hybrid and multi cloud systems to a single searchable identity. No other auditing solution currently provides a single view of the individual’s activities across these separate accounts. The new Cygna Identity feature enables organizations to quickly see an individual’s activities across multiple accounts.
Additional 2.0 Features
PBMS Connector AD Delegation and Scoping
- Active Directory delegation and scoping will now also apply to AD audit data from the PBMS connector
RSAT Extensions (Remote Server Administration Tools)
- Integration into ADUC and GPMC consoles to be able to launch a Cygna audit trail or perform a rollback from these native administration tools through context sensitive menu options
Daily Status Emails
- Anonymized system status emails that can be sent to administrators, integrators or partners to inform on high level system function and performance
Stay tuned for additional blog posts that will go into greater detail on the SIEM forwarding and Cygna Identity features.