About Security Analytics and Logging

Security Analytics and Logging (SAL) is a central log management and advanced threat detection service which delivers scalable Cisco firewall logging and correlated analytics. Central logging helps in providing visibility, helps troubleshoot network access issues including disruptions, and enables device and overall network health monitoring. Analytics provide detection against advanced threats.

The SAL service is available in the following two methods:

• Security Analytics and Logging (SaaS)—A hosted software as a service (SaaS) which stores events and provides data for security analytics using Secure Cloud Analytics (formerly Stealthwatch Cloud). This service connects the Security Analytics and Logging cloud data store to the firewall cloud manager, Cisco Defense Orchestrator (CDO).

  In this documentation, this method is also referred to as SAL (SaaS).

• Security Analytics and Logging (On Premises)—A service that runs on the Secure Network Analytics (formerly Stealthwatch) appliances to store event logs at the customer's own premises. This service connects the Security Analytics and Logging (On Premises) data to the on-premises manager, Secure Firewall Management Center.

  In this documentation, this method is also referred to as SAL (OnPrem).

For more information about Security Analytics and Logging, see https://www.cisco.com/c/en/us/products/security/security-analytics-logging/index.html.