Making SIEM data accessible to non-IT staff with Applied Analytics

For most organizations, the term “SIEM” brings to mind cybersecurity, log collection, detecting threats, compliance. However, organizations can use security information and event management (SIEM) solutions for more than just security. LogPoint Applied Analytics is a solution for non-technical staff that focuses on giving insight into applications and reporting.

LogPoint developed Applied Analytics in collaboration with a customer request from the medical sector in Scandinavia. It was difficult for non-IT employees to use SIEM to search and run reports. The customer needed a simple way to search, schedule, and run reports based on application logs. Simultaneously, the customer required full permission control on information access and a report approval workflow that can scale to large distributed organizations.

The primary purpose of LogPoint Applied Analytics is to give non-technical staff access to an easy reporting tool. Using logs as a foundation, Applied Analytics provides insight into applications, such as medical journals and social welfare systems. Applied Analytics makes it easy to create reports and has an approval workflow for auditing, evaluating and other organizational reporting purposes.

Many organizations have to meet legal and compliance requirements to keep information about patients, customers and citizens private and secure. There are also requirements that only authorized personnel can access certain information. LogPoint Applied Analytics has a simple workflow with strict access management to enable the correct distribution of reports to specific organizational units.

Applied Analytics is an add-on solution to LogPoint Core SIEM. The LogPoint server handles log collection and secure storage of logs and data from other applications. The LogPoint server also stores all user audit logs from Applied Analytics.

For increased security, Applied Analytics runs in a separate server, which connects to the central LogPoint server. Users authenticate using their regular Microsoft credentials. The user permissions ensure that a user can only see relevant information, such as users and events related to their department.

Applied Analytics is the ideal solution for organizations that need the following capabilities:

• A workflow-oriented platform that distributes reports and approvals for a non-technical organization, such as medical fields, municipalities and financial organizations.
• General log collection and analysis of access logs from non-security systems, such as medical, welfare or data systems
• Reporting and review of access logs by system owners or central groups, such as individual departments or the entire medical office
• Compliance reporting to internal and external auditors
• A documented way to fulfill reporting laws on data privacy and GDPR requirements
• A tool to ensure data confidentiality with access control reports for system owners, department managers and information security officers

The user interface has an easy-to-use search template, so users can perform ad-hoc searches, such as “User x has looked at which patients in the last month?” Users can turn any search into a report, which is then automatically part of the report approval process. Users can also create reports based on report templates or a schedule.

It’s easy to search through applications and create reports with Applied Analytics

Applied Analytics is a customizable tool. Users can translate the entire user interface into the local language and rename every button and panel in a relevant way.

Administrators can easily translate and rename buttons from the mapping page.

Once a user has created a report, Applied Analytics has a workflow for report approval. The workflow ensures reports are accurate, and the data is secure. Some benefits of the workflow include:

• Customizable: Users can customize the report layout and translate the report into any language
• Update reports on-the-fly: Users can add ad-hoc search into the review workflow
• Easy to collaborate: Report reviewers can read, comment, approve and archive reports
• Keep report data secure: Users can invite a colleague or manager to review the report without the need to email or send the report
• Easy to scale: Report permissions allow a review hierarchy in a distributed organization

LogPoint Applied Analytics is a complete solution for organizations that need an easy way to gather information from applications and create reports. Non-IT users can easily review activities in an application and submit reports for approval. With its strict permission control, Applied Analytics is perfect for reports that include sensitive information, such as personal security numbers or bank account details.