Network Connectivity and Data Transfer
All communication between customer-deployed Log Collectors/Virtual Log Collectors and the NetWitness cloud environment is encrypted. Connectivity to the NetWitness UI from the Customer location is limited by Azure-specified firewall rules. Communication between the various internal NetWitness services deployed in Azure is based on trusted certificates and is encrypted. To reduce bandwidth, data is compressed between the various log collection sources and the NetWitness cloud environment.
Customers are responsible for all event source configuration, VLC setup, and initial connectivity to the Azure cloud through OpenVPN. For more information on data collection, please refer to the Log Data Collection section above.
Cloud SIEM Resiliency & Redundancy
Compute / Virtual Machines:
Each virtual machine runs as a single instance and uses Premium Solid State Storage drives for all operating system disks. Additional details on Azure VM guidelines are available at azure.microsoft.com.
Storage:
Storage disks (OS and Data) utilize locally redundant storage (LRS), which replicates Customer data three times within the same Azure Availability Region. This protects against the failure of an SSD, a server, and/or network equipment.
Backups:
The NetWitness Cloud SIEM creates configuration, OS, and VM backups (configuration data) of Customer hosts on a weekly basis, and these backups are retained for a period of two weeks. Prior to a NetWitness Cloud SIEM upgrade, two configuration backups are taken.
Backups within scope include:
- Configuration files for all Cloud SIEM services.
- Core databases and files for each Cloud SIEM service that reside on OS volumes and VM images.
Backups do not include any raw log data or metadata stored on independent solid-state drives (SSDs), because those drives are not part of configuration, OS, or VM backups.
Service Level Agreement
NetWitness provides 24x7 infrastructure and product monitoring to meet an uptime SLA for the NetWitness Cloud SIEM offering. The NetWitness Cloud SIEM offering environment is considered available when users can:
- Access the NetWitness UI
- Run queries & generate reports
- Ingest data from appropriately configured event sources
- Investigate threats
- Respond to incidents
See also
Understand CloudSIEM Maintenance and Administration