Conflux is a an LMaaS (Log Management as a Service) module offered as part of the Cloudaware platform. Conflux discovers, enhances and aggregates logs from cloud providers , such as AWS, Azure and GCP, GCP, and on-prem. Besides standard log management functionality, such as search and visualization, Conflux provides enhanced capabilities such as security, monitoring, alerting, reporting, anomaly detection and forecasting. Conflux is available via Cloudaware Launcher.
...
Whenever a user creates new objects - for example, AWS Load Balancers, AWS S3 Buckets and AWS RDS Databases - cloud provider requests the user to provide destination logging location, like a bucket or big query BigQuery table. This flexibility is great, but large cloud consumers end up with hundreds of locations for log storage. This often results in fragmented data.
Traditional vendors, like Splunk and Sumo, rely on customer to configure ‘''push'' pipelines. However, as the number of cloud services and application components that generate logging data increases, they often have missing or incomplete data. Another key problem with traditional ''push'' approach is that it requires a manual action. See step 1:
...
Auto Discovered Log Sources
Provider | Log |
---|---|
AWS | CloudTrail, VPC Flow Logs, CloudFront; Billing Cost Allocation, DBR and CUR; RDS Logs; S3 Access Logs, |
ELB Access Logs, |
ALB Access Logs, Route53 Logs | |
Azure | Azure Network Logs, Azure Billing Data |
GCP |
Google Audit Logs | |
Operating System | Metrics Beat, File Beat, Winlogbeat |
Custom Push Via Syslog | Any custom log file |
Custom Pull Via Breeze/LogBeat | Any custom log file |
Graph API and Automated Relationship Detection
...
Single Metrics - detect anomalies in single time series, e.g. Total Spending By Day
Multi-Metrics - detect anomalies across multiple time series, e.g. CPU
Network Traffic by Instance and Population - detect activity that is unusual compared to the behaviour of the population, e.g. console users’ logins.
...
Reliability and Scalability
Conflux is a highly redundant service with data replicated across multiple cloud providers and regions. Customers can request specific datacenter locations such as US Only, EU Only, etc.
...
Security
Granular Access and Audit Controls
Role-based access and audit controls allow you to control and monitor the actions your Conflux users can take, and what data, tools and dashboards they can access.
User Authentication
Conflux supports SAML integration for single sign-on (SSO) via SAML v2 compliant identity providers including Okta, PingFederate, Azure AD, ADFS, CA SiteMinder, OneLogin, Centrify, SecureAuth, IdentityNow, Oracle OpenSSO, Google SAML2 provider and Optimal Id. Conflux can also integrate with other authentication systems, such as LDAP, Active Directory and e-Directory.
Data Encryption In-Transit and At-Rest
Conflux uses industry standard SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption for data in transit. All forwarders and user sessions are secured in this manner. Electronic messaging is secured by opportunistic TLS encryption on the email gateways.
Conflux encrypts data at rest using Advanced Encryption Standard (AES) 256-bit encryption.
Environment Segmentation
Conflux deployments run in a compartmentalized secure environment, and your data exists on virtually dedicated servers to ensure it remains isolated from other customers’ data.
Supported Alert Mechanisms
Email
Webhook (Generic, PagerdutyPagerDuty, Slack, JIRA, Cloudaware)
SNS