Additional Data ingress
Fluency has the means to integrate with a variety of vendors and devices. At this point, you will have a steady stream of data feeding into your Fluency instance.
Please refer to the Integration section of this document to see a full list of devices and services that Fluency can integrate with.
Some examples:
Source | What is Collected | Reason |
---|---|---|
Security Device Logs | The complete alert information from the security device. | Provides key events for alerting and supporting information for analysis. |
Network Logs | Network flow information. | Network activity provides insight into what communication could be involved in an issue but did not trigger an alert. |
Application Flows | Protocol exchange information above the network level. | Provides the best understanding of what the communications intent is. |
DNS | Complete DNS exchange to include errors and recursive lookups. | Today’s networks often multi-home services. The host name is needed to understand when an endpoint responded. |
Files | Complete HTTP file transfers. | Allows for network antivirus review in case the endpoint does not have AV or its AV is out of date. |
Active Directory | Windows events | Provides additional data such as user and asset. PCI requires a number of AD events for compliance. |
Office365 Logs | The complete Office365 record. | Not all the fields of an Office365 log can be accessed via its web interface. Storing in Fluency allows grouping, searching and analyzing the data faster than what is possible in the Office365 interface. |
DHCP Logs | Asset requesting data. | Allows for the tracking of an asset and user, even when IP addresses are changed due to DHCP. |
SMTP Logs | Header information and sending communication. | Provides a means to track how a particular email entered the system. |
Asset Logs | Information from devices such as Infoblox, BlueCat and Forescout. | Allows for the tracking of assets and comparison of use by device. |
SSL Certificates | SSL certificate used in communication. | Provides insight into the application and use even when communication is encrypted. |
SIEM Data | Events and alerts. | Provides the capability of including data already collected without changing infrastructure. |
Fluency is designed to collect and correlate logs from system, datalink and application levels (data