Conflux is a LMaaS (Log Management as a Service) module offered as part of the Cloudaware platform. Conflux discovers, enhances and aggregates logs from cloud providers, such as AWS, Azure and GCP. Besides standard log management functionality, such as search and visualization, Conflux provides enhanced capabilities such as security, monitoring, alerting, reporting, anomaly detection and forecasting. Conflux is available via Cloudaware Launcher.
Automatic Log Discovery
Whenever a user creates new objects - Load Balancers, S3 Buckets and RDS Databases - cloud provider requests the user to provide destination logging location, like a bucket or big query table. This flexibility is great, but large cloud consumers end up with hundreds of locations for log storage. This often results in fragmented data.
Traditional vendors, like Splunk and Sumo, rely on customer to configure ‘'push'' pipelines. However, as the number of cloud services and application components that generate logging data increases, they often have missing or incomplete data. Another key problem with traditional ''push'' approach is that it requires a manual action. See step 1:
Conflux takes a different approach. Instead of relying on users to manually push logs into log management solution, it relies on CMDB to discover log sources and notify Conflux.
This approach based on automated discovery eliminates the need for manual configurations and reduces the possibility of missing log data.
Auto Discovered Log Sources
CloudTrail, VPC Flow Logs, CloudFront; Billing Cost Allocation, DBR and CUR; S3 Access Logs, Elb Access Logs, Alb Access Logs, Route53 Logs
Azure Network Logs, Azure Billing Data
GCP Billing Data
Metrics Beat, File Beat, Winlogbeat
Custom Push Via Syslog
Any custom log file
Custom Pull Via Breeze/LogBeat
Any custom log file
Graph API and Automated Relationship Detection
Conflux analyzes network, spending and security logs to identify relationships and dependencies between objects in CMDB. Using graph API, users can perform an in-depth impact analysis necessary in security, availability and disaster recovery use cases.
Conflux offers three types of anomaly detection for all of its data:
Single Metrics - detect anomalies in single time series e.g. Total Spending By Day
Multi-Metrics - detect anomalies across multiple time series, e.g. CPU
Network Traffic by Instance and Population - detect activity that is unusual compared to the behaviour of the population e.g. console users’ logins.
Reliability and Scalability
Conflux is a highly redundant service with data replicated across multiple cloud providers and regions. Customers can request specific datacenter locations such as US Only, EU Only, etc.
Granular Access and Audit Controls
Role-based access and audit controls allow you to control and monitor the actions your Conflux users can take, and what data, tools and dashboards they can access.
Conflux supports SAML integration for single sign-on (SSO) via SAML v2 compliant identity providers including Okta, PingFederate, Azure AD, ADFS, CA SiteMinder, OneLogin, Centrify, SecureAuth, IdentityNow, Oracle OpenSSO, Google SAML2 provider and Optimal Id. Conflux can also integrate with other authentication systems, such as LDAP, Active Directory and e-Directory.
Data Encryption In-Transit and At-Rest
Conflux uses industry standard SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption for data in transit. All forwarders and user sessions are secured in this manner. Electronic messaging is secured by opportunistic TLS encryption on the email gateways.
Conflux encrypts data at rest using Advanced Encryption Standard (AES) 256-bit encryption.
Conflux deployments run in a compartmentalized secure environment, and your data exists on virtually dedicated servers to ensure it remains isolated from other customers’ data.
Supported Alert Mechanisms
Webhook (Generic, Pagerduty, Slack, JIRA, Cloudaware)