Seamless RPA Log Integration for Simplified Log Management and Auditing

Written by Gautam Roy in Software robots in the workplace on May 16, 2019

In the world of Robotic Process Automation (RPA), software robots are working as intelligently as humans.

So many users on so many devices, how do you keep track of all the activities? Who is running a bot? When did the bot start? When did the bot terminate? What changes were made to the systems?

Logs, you say? Why are they important?

Logs are the key for systems administrators to keep a pulse on security, integration, operational efficiency, and compliance. All system and network administrators need logs for who did what, when, where, and why.

All network devices generate logs, and those logs are sent to the syslog server. The server does all the monitoring and reporting, both when things seem right and when things are wrong. We need logs for the sake of compliance: to keep track of all activity, along with bots and operational processes.

Logs are also an important necessity for companies who need to comply with regulations such as: Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Sarbanes-Oxley Act of 2002 (SOX), the Gramm-Leach-Bliley Act (GLBA), Payment Card Industry Data Security Standard (PCI DSS) and Federal Information Security Management Act of 2002 (FISMA).

System administrators now have a friend in the audit log business

RPA complements the human worker for automating labor-intensive and repetitive tasks. If you are like most systems administrators, you probably dread the time wasted providing logs for an audit. As a system admin you can now let the bot do the heavy lifting and use your free time for other more important obligations.

Now for the technical part

A key security requirement in many environments and security/compliance frameworks is centralized audit consolidation and reduction. The requirement describes how key systems and audit logs must be forwarded to a central location for storage and subsequent analysis. Under many frameworks, that analysis includes periodic review for events that indicate security-related changes in systems. An easy example would be a system generating a higher level of failed login attempts, possibly indicating a brute-force attack, or an expired password for some system account. Each of the major security/compliance frameworks, including Payment Card Industry Data Security Standards (PCI-DSS), Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), as well as International Organization for Standardization (ISO) 27001 Security, has requirements around logging and centralized consolidation and analysis. (See references to standards and sections below.)
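The failed-login review described above, as an added example (not Automation Anywhere code): it parses RFC 5424 syslog lines and flags an account once its failed logins reach a threshold inside a time window. The host name, the `rpa-audit` app name, the `LOGIN` message ID and the `user=`/`result=` fields are constructed for illustration; the Control Room's actual audit record layout is not shown on this page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+(?:Z|[+-]\d\d:\d\d)) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[.*?\])+) ?(?P<msg>.*)$")

def parse(line):
    """Return a dict for a well-formed RFC 5424 line, else None."""
    m = RFC5424.match(line.strip())
    if not m or int(m["pri"]) > 191:   # PRI = facility * 8 + severity
        return None
    rec = m.groupdict()
    try:
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    except ValueError:
        return None
    # key=value pairs in MSG are an assumed layout, not a documented one
    rec["fields"] = dict(re.findall(r"(\w+)=(\S+)", rec["msg"]))
    return rec

def failed_login_alerts(lines, threshold=3, window=timedelta(minutes=5)):
    """Alert once per user when `threshold` failures fall inside `window`."""
    recent, alerted, alerts, skipped = defaultdict(deque), set(), [], 0
    for rec in map(parse, lines):
        if rec is None:
            skipped += 1               # count malformed input, don't hide it
            continue
        user, result = rec["fields"].get("user"), rec["fields"].get("result")
        if rec["msgid"] != "LOGIN" or result != "failed" or user is None:
            continue
        q = recent[user]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and user not in alerted:
            alerted.add(user)
            alerts.append((user, rec["host"], len(q)))
    return alerts, skipped

# Constructed sample records: host, app name and fields are hypothetical
H = "<86>1 2019-05-16T10:%sZ cr01.example.internal rpa-audit - LOGIN - user=%s result=%s"
EVENTS = [("00:01", "svc_bot01", "failed"), ("00:40", "svc_bot01", "failed"),
          ("01:10", "alice", "success"), ("02:15", "svc_bot01", "failed"),
          ("03:00", "bob", "failed"), ("09:30", "bob", "failed"),
          ("09:45", "bob", "failed")]   # bob: never 3 failures within 5 minutes
SAMPLE = [H % e for e in EVENTS] + ["rpa-audit user=svc_bot01 result=failed"]  # last: no header
```

The skipped count matters as much as the alerts: a forwarder that starts emitting records the parser rejects leaves a blind spot in the review.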

What to do when the system is generating tons of events rapidly?

For starters, don’t get overwhelmed. A big challenge with auditing in many organizations is sifting efficiently through all the logs. There are vendors that specialize in providing dedicated tools for log management and storage. These tools also protect the confidentiality, integrity, and availability of logs. Security information and event management (SIEM) systems can collect logs and provide specific analysis, including advanced searching, reporting, and alerting. Examples of SIEM tools include IBM's QRadar, Splunk, LogRhythm, and the open source Graylog.

Simplify integration while being secure and compliant

Integrating the Robotic Process Automation (RPA) platform with SIEM is a key step in reducing the overhead of compliance, as it automatically offloads the audit records required by the security frameworks. At Automation Anywhere, we strive to deliver efficiency for complex processes and integrate seamlessly with third-party tools and systems. Since RPA requires logs to be generated for audit and compliance, we can forward all system logs to a third-party SIEM like Splunk to run searches and retrieve event data in real time.

Integrating log management adds simplicity

Automating log management and integrating with SIEM tools can help improve IT security and enable the business to be compliant. Automating log management with an effective tool can make a network administrator's life easy and less stressful. With SIEM integration, your RPA audit records are forwarded to the system you already have, allowing streamlined RPA governance and troubleshooting with the power of the SIEM searching and alerting features.

 

Figure 1. Architecture of RPA when integrated with SIEM

SIEM integration is easy. Just configure the Control Room with the SIEM server domain name or IP address, select your protocol (UDP/TCP), and you are good to go. When using TCP for syslog you may also configure TLS for secure encrypted transport of the logs to the SIEM.

How Control Room can enhance your capabilities with SIEM

The Control Room is the central and primary control plane for RPA, providing role-based access control (RBAC) on all functions, controlling all bot deployments, and forming the central point for audit logging. From a security perspective, this centralized command and control is better than alternatives that consist of many non-centrally controlled bot runners. With our newest version 11.3.2, the Control Room can be configured to forward audit logs over the network to any system that can receive messages in Syslog format.

 

Figure 2. Automating systems configuration when everything is important

The importance of compliance and logging

Log management aggregates data from many sources such as your network, security, servers, databases, application and much more. It is vital to automate the gathering of compliance data and produce reports by seamlessly integrating all your compliance requirements. The following table shows the security frameworks and the relevant sections that relate to audit logs.

Standard | Section(s)
Payment Card Industry Security Standards (PCI DSS) | 10.5.3
Federal Information Security Management Act (FISMA) | AU-2 through AU-12
Health Insurance Portability and Accountability Act (HIPAA) | 164.308(a)(5)(ii)(C), 164.312(b), 164.308(a)(1)(ii)(D)
International Organization for Standardization Security (ISO 27001) | A.12.4.1

Unmistakably reducing auditing risk while speeding up user experience

The desire to be technologically advanced and unique applies to all aspects of your business. Managing a large stream of log audits can be a time-consuming and repetitive role. Implementing RPA to get the logs generated seamlessly from nearly every computing device and securely directed to any location or remote system can help with the speed with which logs are generated. Auditing the logs securely with RPA can also help you reinvent processes without compromise or limitations.

Be vast and brilliant with log integration. Learn more about automating Enterprise-class-Security for RPA.