tacLOM Event Packs

Event Packs

The monitoring software tacLOM supports a security engineer in the analysis of log data. For this purpose tacLOM works with events and event packs.

What is an event?

An event in tacLOM is a log message generated by the system, which is created based on specific log events. So that the raw data can be accessed quickly during later analysis of the events, the reference to the triggering log lines is always stored in each event.

What is an event pack?

When an event occurs and what it looks like is defined by a complex set of rules. Event packs now extend this set of rules by entire collections of rule definitions for a standard product. The available event packs can be displayed in the GUI of tacLOM and selectively activated or deactivated.

The number of event packs is constantly increasing. As more and more customers recognize the benefits of the event packs, terreActive has pushed the development for further products. The current list of available event packs can be found here:

•    airiam: Airlock IAM (NEW!)
•    cisco: Cisco IOS, NX-OS, ASA, WLC
•    cise: Cisco ISE
•    cognito: Vectra Networks Cognito
•    cpfw: Check Point Firewall
•    ctxntscl: Citrix NetScaler (NEW!)
•    defender: Windows Defender
•    epo: McAfee ePolicy Orchestrator 5.3.2 and higher
•    epo4: McAfee ePolicy Orchestrator
•    fgate: Fortinet Fortigate 5.4
•    generic: Generic
•    hpilo: HP Integrated Lights-Out (iLO)
•    iblxddi: Infoblox DDI
•    msexch: Microsoft Exchange Server
•    msiis: Microsoft Internet Information Server (IIS)
•    msiisa: Microsoft Internet Information Server (IIS) access logs
•    msnps: Microsoft Network Policy Server
•    mssql: Microsoft SQL Server
•    nix: UNIX/Linux
•    nxlog: NXLog
•    oidsps: One Identity Safeguard for Privileged Sessions
•    osce: TrendMicro OfficeScan Corporate Edition
•    panos: Palo Alto Firewall / PAN-OS
•    pantr: Palo Alto Traps
•    rios: Riverbed RiOS
•    scrnos: Juniper ScreenOS
•    sep: Symantec Endpoint Protection
•    smex: Trend Micro Scanmail for Exchange
•    sopxg: Sophos XG
•    sysmon: Microsoft Sysmon
•    taclom: tacLOM
•    tfx: tacTFX
•    uctest: terreActive UCTesting
•    vsentry: HP vSentry
•    win: Microsoft Windows

Software made in Switzerland: tacLOM is a Swiss product. The software development department of terreActive is based in Aarau and can react quickly to the needs of local companies.