Product Capabilities
Logcollect is built for security operations teams that need to handle massive, disparate security data without losing visibility, blowing up SIEM costs, or missing threats.
Overview
Logcollect is a software-only telemetry pipeline that supports the collection, enrichment, transformation, and routing of security data from sources to multiple destinations.
It is targeted at security operations struggling with large volumes of disparate data, high operational costs, alert fatigue, and missed threats. Logcollect is available as a software license or fully hosted in AWS and is backed by a team with extensive experience in security logging, SIEM, and regulatory compliance.
Collect once, analyze everywhere.
Key Features
- Log collection from endpoints and popular SaaS sources – no log left behind.
- Filter and forward logs to any SIEM, data lake, or other security platforms.
- Index logs in Elasticsearch with up to 30 days of retention in fast SSD storage.
- Compress logs by up to 90% and store for 400 days on low-cost disk to meet compliance needs.
- Automatic report generation for 26 regulatory compliance standards.
- Audit-ready report review framework to demonstrate compliance.
Benefits
- Cost reduction: Prioritize and route high-value security data to expensive threat detection platforms for review by expert staff, while sending low-value compliance data to highly compressed, low-cost storage with automatic compliance report generation.
- Optimized data ingest: Automate the collection of security event data from a wide range of sources including servers, networks, cloud environments, applications, and agents.
- Data hygiene & curation: Filter, normalize, and transform security data to reduce noise and improve signal.
- Scale: Reshape and redistribute security data to best-fit platforms such as SIEM, data lakes, compressed low-cost storage, and time-series databases.
- Vendor agnostic: Avoid lock-in and balance cost, performance, and scale across multiple vendors and platforms.
Robust Agent for Windows Endpoints
- Collects all local Windows event logs and can receive and relay syslog from local firewalls and other devices.
- Extracts device IDs from syslog and transforms system names and fields (e.g., mapping a device hostname to a site label such as Store #7).
- Supports fine-grained filtering, including regular expressions (RegEx), so noise is dropped at the agent before it is transmitted.
- Applies data prioritization: high-priority security events are transmitted immediately, while lower-priority data is sent in compressed batches.
- Routes each event to one or more destinations (Splunk, Chronicle, Microsoft Sentinel, Securonix, etc.).
- Transfers data using syslog over TLS, so log data is encrypted in transit; as with any TLS client, the agent should be configured to verify the collector's certificate.
- MSI package deployment with no reboot required.
- Centrally manages agent health, configuration, and auto-updates.
- In production for 10+ years with millions of installations.
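To make the filter, prioritize, and route behaviour in the list above concrete, here is an added Python illustration. It is not Logcollect's agent code and does not describe its internals; the syslog lines, the fw-store7 to Store #7 mapping, the RegEx rules, the severity rule, and the siem/archive destination names are all constructed assumptions for this example.

```python
"""Filter, prioritise and route syslog events: an added illustration of the
agent behaviour described on the page, not Logcollect's own code. Sample log
lines, the hostname-to-site map, the RegEx rules and the destination names
are all constructed for this example."""
import gzip
import json
import re
import ssl
from dataclasses import dataclass, field, asdict
from typing import Optional

# Constructed sample: RFC 3164-style lines as a store firewall might relay them
# to the endpoint agent. PRI = facility*8 + severity (e.g. <38> = auth, info).
SAMPLE_LINES = [
    "<134>Jan 12 10:00:01 fw-store7 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=10.7.0.4 DPT=22",
    "<38>Jan 12 10:00:02 fw-store7 sshd[1201]: Failed password for root from 203.0.113.5 port 51022 ssh2",
    "<134>Jan 12 10:00:03 fw-store7 kernel: ACCEPT IN=eth0 SRC=10.7.0.12 DST=10.7.0.1 DPT=53",
    "<30>Jan 12 10:00:04 fw-store7 dhcpd: DHCPACK on 10.7.0.55 to 00:11:22:33:44:55",
    "<134>Jan 12 10:00:05 fw-store7 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=10.7.0.4 DPT=23",
    "<134>Jan 12 10:00:06 fw-store7 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.7.0.4 DPT=8080",
    "<78>Jan 12 10:00:07 fw-store7 CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Hypothetical device-to-site mapping (the "Store #7" style transformation).
HOSTNAME_MAP = {"fw-store7": "Store #7"}

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# RegEx filters (assumed rules). DROP_PATTERNS are noise discarded at the agent;
# URGENT_PATTERNS mark events sent immediately and forwarded to the SIEM.
DROP_PATTERNS = [re.compile(r"DHCP(ACK|REQUEST|OFFER|DISCOVER)"),
                 re.compile(r"\bACCEPT\b.* DPT=53\b")]
URGENT_PATTERNS = [re.compile(r"Failed password"),
                   re.compile(r"\bDROP\b.* DPT=(22|23)\b")]

@dataclass
class Event:
    timestamp: str
    facility: int
    severity: int
    host: str
    site: str
    app: str
    msg: str
    urgent: bool = False
    destinations: list = field(default_factory=list)

def parse(line: str) -> Optional[Event]:
    """Parse one syslog line; return None for lines the regex cannot decode."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    pri = int(m["pri"])
    return Event(
        timestamp=m["ts"], facility=pri >> 3, severity=pri & 7,
        host=m["host"], site=HOSTNAME_MAP.get(m["host"], m["host"]),
        app=m["app"], msg=m["msg"],
    )

def prioritise(ev: Event) -> Event:
    """Urgent = severity error or worse, or a security pattern hit. Urgent events
    go to the SIEM and the archive; everything else only to the cheap archive."""
    ev.urgent = ev.severity <= 3 or any(p.search(ev.msg) for p in URGENT_PATTERNS)
    ev.destinations = ["siem", "archive"] if ev.urgent else ["archive"]
    return ev

def run_pipeline(lines):
    """Return events to send now, a gzip'd NDJSON batch for later, and counters."""
    immediate, batch = [], []
    counters = {"dropped": 0, "unparsed": 0}
    for line in lines:
        ev = parse(line)
        if ev is None:
            counters["unparsed"] += 1   # never silently lose a line: count it
            continue
        if any(p.search(ev.msg) for p in DROP_PATTERNS):
            counters["dropped"] += 1
            continue
        prioritise(ev)
        (immediate if ev.urgent else batch).append(asdict(ev))
    payload = "\n".join(json.dumps(e) for e in batch).encode()
    return {"immediate": immediate, "batch_gz": gzip.compress(payload), **counters}

def decode_batch(blob: bytes) -> list:
    """Inverse of the batch encoding, as a receiving collector would apply it."""
    text = gzip.decompress(blob).decode()
    return [json.loads(l) for l in text.splitlines() if l]

def tls_client_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Client context for syslog over TLS (RFC 5425): the collector's certificate
    and hostname are verified and TLS 1.2 is the floor. ca_file is an assumed
    deployment setting (None uses the system trust store)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

if __name__ == "__main__":
    result = run_pipeline(SAMPLE_LINES)
    for e in result["immediate"]:
        print("NOW ", e["site"], e["app"], "->", e["destinations"], e["msg"])
    print("batch:", len(decode_batch(result["batch_gz"])), "events,",
          len(result["batch_gz"]), "bytes gzip; dropped", result["dropped"])
```

Run as a script it prints the three urgent events (the two DROPs on SSH/Telnet ports and the failed root login) tagged with the site label, then the size of the compressed batch holding the remaining low-priority events. The point worth noting is the split: everything that survives the drop filters reaches the archive, so full-fidelity retention is preserved, while only the urgent subset is charged against SIEM ingest.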
Fast Search & Common Indexing Model
- Extensible Common Indexing Model standardizes fields and schema.
- SSD-backed index enables rapid search across large log volumes.
- Search using Lucene query syntax or a REST API with Query DSL.
- Uniform normalized fields simplify investigations and threat hunting.
Retention & Storage Optimization
- Compressed log storage for 1–7 years depending on compliance needs.
- High compression ratios reduce long-term storage cost.
- Full-fidelity logs retained without burdening the SIEM.
- Ideal for PCI, HIPAA, NIST, FISMA, SOX, GDPR retention mandates.
