Product Portfolio

Energy Logserver is available in three product plans. Each plan can be deployed independently or combined depending on the organization’s requirements.

| Product Plan | Core Purpose | Primary Use Cases | Target Organizations |
| --- | --- | --- | --- |
| Log Management Plan (LMP) | Foundation platform for comprehensive log management | Operational monitoring, compliance | All organizations requiring centralized logging |
| SIEM Plan | Advanced security analytics and threat detection | SOC operations, threat hunting, incident response | Security-focused organizations, regulated industries |
| Network Probe | Network traffic analysis and passive monitoring | Network security, advanced threat detection, forensics | Organizations with advanced network security requirements |

Log Management Plan

Core Modules:

  • Discover: Advanced search and filtering with ad-hoc query capabilities

  • Dashboards: Interactive operational and security dashboards

  • Visualizations: Comprehensive charting, tables, heatmaps, and custom visualizations

  • Agents: Centralized management of log collection agents across all platforms

  • Archive: Long-term data retention and compliance archiving

  • CMDB: Configuration Management Database integration with event correlation

  • Integrations: Native connectors for data sources and external systems

  • Network Probe: Integrated data collection and processing (first instance included)

  • Reports: Automated and ad-hoc reporting with scheduling capabilities

  • CRUD: Document management interface for creating, viewing, editing, and deleting records in custom indices

Management and Administration Modules:

  • Config: System-wide and user-specific configuration management

  • Sources: Registration, configuration, and management of data sources

  • Dev Tools: Testing and development environment for queries and transformations

  • Index Management: Data lifecycle policies, retention management, and optimization

Key Business Benefits:

  • Unlimited Data Retention: No arbitrary limits on log storage duration

  • Unlimited User Access: Role-based access control without per-user licensing

  • Unlimited Data Sources: Connect any number of systems and applications (applies to standard licensing; MSSP licensing may differ)

  • Included Network Analysis: First Network Probe instance at no additional cost

SIEM Plan Enhancement

Security-Focused Modules:

  • Alerts: Advanced correlation rules and real-time threat detection policies

  • Vulnerability Dashboard: Wazuh-based vulnerability data visualization

  • FIM (File Integrity Monitoring): Critical file and system resource monitoring

  • Correlation Engine: Advanced multi-source event correlation and attack chain analysis

Empowered AI Capabilities:

  • AI Cases: Machine learning-driven incident analysis and recommendation engine

  • AI Assistant: Prompt-based log analysis using configured LLM providers

  • Scheduled Analytics: Automated execution of configured Empowered AI use cases on a defined schedule

  • Behavioral Baselines: Automated establishment of normal behavior patterns

Enterprise Security Features:

  • MITRE ATT&CK Integration: Native framework mapping and technique coverage analysis

  • Threat Intelligence Platform: Integration with commercial and open-source threat feeds

  • SOAR Integration: Integration with external SOAR platforms, including Energy SOAR

  • Advanced Compliance: Automated compliance reporting for multiple frameworks

  • Globe Visualization: 3D geolocation visualization for network traffic and security events (not available in Log Management Plan)

Network Probe

Network Analysis Capabilities:

  • Passive Traffic Monitoring: Layer 2-7 protocol analysis without network impact

  • Flow Analysis: NetFlow, sFlow, IPFIX support for network behavior analysis

  • Protocol Recognition: Automatic identification of applications and services

  • Metadata Extraction: Deep packet inspection for security-relevant information

  • Network Anomaly Detection: Identification of unusual communication patterns

Performance Specifications:

  • Traffic Capacity: Up to 10 Gbps sustained network traffic analysis

  • Event Processing: 20,000+ Flows/Events Per Second (FPS/EPS)

  • Deployment Flexibility: Physical appliance, virtual machine, or cloud deployment

  • Integration: Seamless data forwarding to ELS Data Node and correlation engine