SECURITY LOG ANALYTICS

Detect attacker activity across disparate IT & security assets

Security Log Analytics from e2e assure embraces both new and traditional approaches to detecting attacker activity across your entire IT estate utilising the most optimised and economically efficient methods.

We offer multiple options for the centralising of log sources for analysis; in addition to utilising our in-house developed SOC platform, CUMULO, we also support integrations with leading SIEM and XDR platforms including Microsoft Sentinel.

Manage

Implementing total attack surface coverage supports strategic risk management objectives and keeps your organisation resilient to cyber attack.

Protect

24/7 monitoring and alerting on suspicious activity detected in log files, against strict Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR) targets.

Detect

Ingest logs into our in-house SOC platform, CUMULO, and/or Microsoft Sentinel, and enable bi-directional incident alerting and updating for maximum efficiency.

Minimise

Having visibility across all IT and security assets means that attackers have fewer places to hide, lowering the likelihood, impact, and cost of any successful attacks.

Regain the power to scale your security coverage effectively

Optimise log sources through effective management and tuning to achieve the strongest security posture for your budget.

Ingest logs into our SOC or Microsoft Sentinel, supporting real-time, bi-directional alerting and updates for greater efficiency.

Our team will advise on managing and transforming data from multiple input streams, defining what to collect, how to filter it, and where to store it. Irrelevant data is removed to minimise storage and processing demands.

Security Log Analytics FAQ

What is Security Log Analytics and how does it work?

Security Log Analytics is a managed service that collects, normalises, and analyses logs from on-premises, cloud, legacy, and appliance-based systems. It provides holistic visibility across hybrid environments by forwarding logs into a central SOC platform, either e2e-assure’s Cumulo or a third-party solution such as Microsoft Sentinel, for 24/7 detection, triage, threat hunting, and incident response.

Pricing is centred on a banded GB per day ingest model. The ingest calculation excludes data generated by additional services from the e2e-assure Threat Detection & Response portfolio (e.g. Modern Workplace Protection, Endpoint Detection & Response, Cloud Threat Detection).

The service supports:

  • Network devices (e.g., firewalls, IDS/IPS, routers)
  • Servers and compute infrastructure (e.g., OS logs, applications, databases)
  • Bespoke applications (via custom integrations)

All log types are assessed and normalised for threat detection. Physical or virtual log collectors may be deployed depending on infrastructure and compliance requirements.

It complements existing tools by capturing logs from sources that lack agent coverage or advanced analytics, such as legacy systems, isolated appliances, or on-premise assets. It enriches visibility, enhances threat detection, and supports forensic investigations across hard-to-reach systems.

Yes. e2e-assure fully supports Microsoft Sentinel as the primary analytics platform, offering service onboarding, content optimisation (rules, workbooks, queries, watchlists), and automation via Logic Apps. The SOC integrates bi-directionally with Sentinel APIs and supports customers using Azure Lighthouse.

Logs are transmitted via secure transport mechanisms from client infrastructure to the central SOC platform. Virtual and physical appliances are configured with log rotation, retention, and syslog daemon controls, aligned to compliance standards (e.g., GDPR, industry-specific frameworks).

Detection is driven by:

  • Analytics rules based on log patterns
  • SOC analyst triage and validation
  • Threat hunting queries created from live and historical logs
  • Alert enrichment and automated incident generation

These techniques help uncover attacker TTPs (Tactics, Techniques, and Procedures), even in environments without agents.

Log collectors can be:

  • Virtual appliances, hosted in client infrastructure or e2e-assure’s private cloud
  • Physical appliances, deployed on-prem for regulated or bandwidth-constrained environments

These collectors support secure VPN tunnels, log normalisation, and forwarding to the analytics platform.

Onboarding includes:

  • Infrastructure and log source review
  • Designing ingestion and filtering strategies
  • Deploying log collectors
  • Testing log flow, event coverage, and alert generation
  • Tuning analytics to reduce false positives

The service is fully operational once detection signals meet SLA-grade readiness.

Yes. Where feasible, e2e-assure can design integrations into SASE controllers, routers, or other security infrastructure. This allows log-derived alerts to trigger automated network-level containment actions — such as isolating segments — in response to confirmed threats.

Complementary Threat Detection & Response Services

Speak to Our Team

Schedule a 15-minute discovery call to start building your boutique SOC