Topwalk-LAS

The Topwalk Log Audit System (Topwalk-LAS) is a big-data-driven log audit platform with real-time anomaly detection, intelligent security analysis and data visualization capabilities. It centrally aggregates security events (e.g., network attacks, anti-virus scans), user access records, system operation logs, service status data and network access logs. After a full process of data identification, processing and analysis, the system standardizes the data into a unified format for centralized storage and management. Through an intuitive monitoring interface, operators can track the overall security status of the system in real time and quickly identify abnormal security incidents and audit violations. The platform also provides anomaly analysis and incident traceability functions for in-depth security investigation.

Core Values

Log Collection

The Topwalk Log Audit and Management System supports log collection from IT infrastructure such as network devices, security devices, host systems, database systems and middleware systems, using protocols and methods including but not limited to Syslog, SNMP Trap, SSH, JDBC, FTP/SFTP, NetFlow, WMI and Kafka file import.

Audit Analysis

Audit management consists of modules for audit events, audit policies, audit types and audit personnel. It comes with a comprehensive suite of built-in audit policies to streamline configuration, and delivers audit results tailored to each scenario. Under multi-role permission settings, different audit personnel can be assigned to view the audit results corresponding to their roles, which significantly improves audit efficiency. This enables targeted monitoring of critical events while keeping operations fully transparent.

Vulnerability Knowledge Base

The system's vulnerability knowledge base integrates the CVE Vulnerability Database, CNVD Vulnerability Database and Threat Intelligence Database, and supports manual vulnerability query. The Threat Intelligence Database can cross-reference raw log data to automatically generate threat intelligence events.

Visual Dashboard

The system supports customizing display formats and styles by dimensions including assets, events, audits and alerts.

Risk Visualization

The system dynamically displays the sources and destinations of external threats on an interactive map with animated effects.

Attack Visualization

The system visualizes attack-associated source and destination IP addresses via graphical representations, and supports conditional data presentation based on custom query criteria.

Log Formatting

The system normalizes logs from diverse formats into a unified descriptive format, ensuring records are detailed, human-readable, and suitable for complex multi-dimensional statistical analysis and auditing. Standardized fields include event type, event name, event level, source IP address, source port, destination IP address, destination port, device type, device IP, and timestamp. It supports dual storage of raw logs and structured logs, protects logs with digital signatures, indexes original security event information, and offers full-text keyword search.
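The normalization, dual storage and signature ideas described above, as an added example that is not Topwalk's own code: two constructed log lines (a syslog firewall record and a JSON host-agent record) are mapped onto the page's standardized field set, kept beside the raw line, and signed with an HMAC whose key is a placeholder.

```python
import hashlib
import hmac
import json
import re
from datetime import datetime, timezone

# Constructed sample input (not real device output): a firewall syslog line and a host-agent JSON line.
SAMPLE_LOGS = [
    "<134>Jan 12 10:21:05 fw01 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.20 PROTO=TCP SPT=41234 DPT=22",
    '{"ts":"2024-01-12T10:21:07Z","host":"db01","event":"login_failed","user":"root","src":"192.0.2.9"}',
]
SIGNING_KEY = b"placeholder-signing-key"  # assumed; a real deployment would use a managed secret

# The unified field set listed on the page.
FIELDS = ["event_type", "event_name", "event_level", "src_ip", "src_port",
          "dst_ip", "dst_port", "device_type", "device_ip", "timestamp"]

SYSLOG_RE = re.compile(r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<app>[^:]+): (?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

def normalize(raw: str, device_ip: str, year: int = 2024) -> dict:
    """Map one raw line onto FIELDS; fields a source does not carry stay None."""
    rec = dict.fromkeys(FIELDS)
    m = SYSLOG_RE.match(raw)
    if m:  # RFC 3164-style syslog: PRI = facility*8 + severity, message is key=value pairs
        kv = dict(KV_RE.findall(m["msg"]))
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        rec.update(event_type="firewall", event_name=m["msg"].split()[0].lower(), event_level=int(m["pri"]) & 7,
                   src_ip=kv.get("SRC"), src_port=int(kv["SPT"]) if "SPT" in kv else None,
                   dst_ip=kv.get("DST"), dst_port=int(kv["DPT"]) if "DPT" in kv else None,
                   device_type="network", device_ip=device_ip, timestamp=ts.isoformat())
    else:  # JSON host-agent record; level 4 (warning) for failures, 6 (info) otherwise
        j = json.loads(raw)
        rec.update(event_type="host", event_name=j["event"], event_level=4 if "failed" in j["event"] else 6,
                   src_ip=j.get("src"), device_type="host", device_ip=device_ip, timestamp=j["ts"])
    return rec

def sign(structured: dict) -> str:
    """HMAC-SHA256 over canonical JSON so a stored record can be checked for tampering later."""
    canon = json.dumps(structured, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, canon, hashlib.sha256).hexdigest()

def store(raw: str, device_ip: str) -> dict:
    """Dual-storage entry: the raw line kept verbatim beside its structured, signed form."""
    structured = normalize(raw, device_ip)
    return {"raw": raw, "structured": structured, "signature": sign(structured)}

def verify(entry: dict) -> bool:
    return hmac.compare_digest(sign(entry["structured"]), entry["signature"])
```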

Log Collection & Storage

The system supports log collection across a full range of IT infrastructure components, including network devices, security devices, host systems, database systems and middleware systems. The supported protocols and collection methods include, but are not limited to: Syslog, SNMP Trap, SSH, JDBC, FTP/SFTP, NetFlow, WMI and Kafka file import.

The system enables raw log storage and adopts a hot-cold data separation storage mechanism. It supports concurrent, high-performance writing, querying and analysis for hot data, while facilitating long-term archival storage for cold data. In addition, it offers an ultra-high 15:1 compression ratio for data storage.

Product Advantages
Supports Diverse Collection Methods

Supported protocols include but are not limited to Syslog, SNMP Trap, JDBC, SSH, WMI, NetFlow V5, SFTP, FTP, Kafka, and log import. The system can quickly parse collected logs written in varied formats, meeting the requirements of multi-dimensional statistical analysis and audit.

Powerful Secondary Analysis Capability

The system includes a large number of built-in audit strategy templates, covering the common and practical cases enterprises need. It also supports convenient customization of basic configurations such as auditors, behavior objects, audit types, and audit strategies, providing powerful log correlation analysis capabilities.

Self-Learning Baseline Modeling Analysis

Using a self-learning machine learning modeling method, the system analyzes historical and current log data in terms of causal relationships, forms correlation analysis events from sequences of data events, and thereby surfaces implicit events as they occur.

Powerful Log Processing and Storage Capabilities

Supports massive log storage and full log retrieval, with a high log compression ratio of up to 15:1.

Application Scenarios

Topwalk-LAS

The Topwalk Log Audit System (Topwalk-LAS) uses a bypass deployment approach. It only requires a connection to a switch to establish visibility across the entire network, without disrupting the user's existing network infrastructure. The system supports multi-channel log ingestion, including Syslog, SNMP traps, database feeds, and local file imports, and performs log parsing, alert triggering, secure storage, and visualization.