How can we improve the SMA (K1000)?

Provide option for logs to go to syslog server. Eliminate need to download logs for IA compliance.

Eliminate need to download logs for long term storage as needed for IA compliance.

257 votes
Tom S shared this idea

15 comments

  • Anonymous commented

    Yes please; we also find log forwarding to be crucial for effective auditing. ESPECIALLY with the scripting logs, run now statuses, SCAP, and patching. We have already begun writing a db connector for the scripting / run now bit, but syslog forwarding remains a must.

  • Anonymous commented

    Just received a "GDPR Unauthorized Access Notification". How would we be able to analyze this unauthorized access activity without somewhere to analyze log activity?

  • Anonymous commented

    I completely agree with these comments; integration with a SIEM is crucial considering the power of the KACE appliance/s and the data available within KACE. Also, if a KACE appliance was breached, the consequences could be disastrous.

  • Anonymous commented

    The 1k is a device that needs to support the BASIC functionality to redirect Logging to a SIEMs/Syslog server. This is a BASIC function in today's secure networks. I think the device falls short of the title Management server if it cannot be integrated with SIEMs. Come on guys, catch up with the times... Who doesn't support basic log redirection? Get this function on the road map.

  • Anonymous commented

    So the appliance has the ability to perform SCAP Scans, but not send logs to a remote syslog server??? This has been open since 2011. Is there any roadmap on when this feature will be added?

  • Bill Felling commented

    I concur with all these other folks - having the ability to get data from KACE into SIEM would be a great help.

  • Anonymous commented

    KACE does offer database access. If you are using Splunk, you can use dbconnect to get to the data you need.

  • BlaiseG commented

    Our info security team struggles to extract the data they need from KACE for the SIEM on a more real-time basis for forensic/threat analysis or triggering alerts based upon patterns. They're looking at other tools, which seems unnecessarily redundant.

  • Rich Whyrick commented

    With the wealth of data housed within the K1000, having the option to log it to a centralized SIEM would provide a lot of contextual and security data.

  • Anonymous commented

    This is much needed considering Dell Kace could be a central location that malicious software could be distributed throughout an entire environment. Without a proper paper trail in an SIEM, the implications of this are far reaching.

  • Anonymous commented

    As security and compliance are becoming more important, I would like to see Dell implement this now!

  • Jacob Edwards commented

    I would like there to be an option for sending the K1000 logs to a centralized syslog server.
    This should be fairly easy to implement.
