Log Management powered by AI

Users and permissions management

BusinessLOG includes a granular users and permissions management system that allows administrators to define exactly which functions, archives, alarms, dashboards, and tools each operator can access. Permissions can be assigned in read-only, read-write, export-only, or enabled modes, ensuring that every user works within a controlled and well-defined operational perimeter. This feature is fundamental for segregation of duties, governance, accountability, and secure multi-user platform administration.

Certified event detail view

BusinessLOG allows operators to open the documented detail of a single log event, displaying the selected record in a clear, structured, and exportable format. Each event includes all essential metadata, such as event type, ID, timestamp, category, source, machine, user, and session information, together with the original message collected by the platform. This feature is especially valuable for audits, forensic analysis, and compliance reviews, because it makes every event easy to validate, archive, and present as evidence.

AI-powered incident report generation

The Incident Report module enables BusinessLOG to automatically generate a structured technical assessment starting from a selected user, machine, and time window. The system correlates the available logs, reconstructs the sequence of events, and produces a report that includes summary, classification, timeline, suspicious behaviors, impacted assets, and recommended actions. This function is ideal for SOC teams, MSPs, internal IT departments, and auditors who need a rapid and consistent first-level incident investigation.

Incident report – Recommended actions

At the end of the investigation workflow, BusinessLOG produces a set of prioritized technical recommendations tailored to the analyzed scenario. These actions may include host isolation, validation of firewall changes, credential review, privilege verification, forensic preservation, correlation with additional telemetry, and hardening measures. This transforms the platform from a pure log collection system into an operational decision-support tool for incident response and security governance.

Event alarms configuration

The Event Alarms module allows administrators to configure detection rules for strategic security events, defining frequency, active time windows, execution conditions, and associated response logic. Rules can be applied to specific event IDs and tuned according to operational requirements, making it possible to detect potentially malicious behavior in real time. This functionality enables BusinessLOG to act proactively, not just as a repository of logs, but as a true monitoring and alerting platform.

Software alarms configuration

With Software Alarms, BusinessLOG can detect software installation, update, and removal events across monitored endpoints. This allows organizations to identify unauthorized tools, potentially dangerous programs, suspicious utilities, or software changes that could impact security posture or compliance. The feature is especially useful for controlling shadow IT, preventing risky applications, and enforcing software governance policies.

USB activity auditing

The USB Access List tracks removable media activity, including insertion events and file operations executed through connected USB devices. BusinessLOG records the executable involved, the source file, the machine, the user, and the exact action performed, giving security teams a clear view of potential data transfers to external storage. This feature is essential for preventing data leakage, enforcing removable-media policies, and supporting internal security controls.

Print activity auditing

The Print Logs section monitors printing activity by tracking documents, printers, targets, users, and endpoints involved in each print event. This allows organizations to identify sensitive documents that have been printed, understand who initiated the action, and maintain visibility over a frequently overlooked channel of information leakage. Print auditing is particularly useful in regulated environments where document handling must be traceable and accountable.

Syslog auditing

The Syslog Access List collects and organizes events generated by network devices, firewalls, NAS systems, Linux hosts, and other third-party appliances. BusinessLOG classifies these logs by area, source, category, user, machine, and risk indicators, allowing the platform to normalize heterogeneous data into a single operational view. This is a key capability for organizations that need centralized visibility across mixed infrastructures and multi-vendor environments.

Local user discovery and account visibility

The Local User List provides a structured view of user accounts detected on monitored machines, including local administrators, guest accounts, built-in profiles, and standard users. For each account, BusinessLOG displays group membership, activation status, first detection date, password change history, and password expiration settings, making it easier to identify weak account configurations or outdated credentials. This feature is especially useful for hardening endpoints, reviewing local privilege assignments, and detecting accounts that may increase security exposure if left unmanaged.

Custom dashboard builder

BusinessLOG includes a flexible Custom Dashboard builder that allows users to create personalized visual reports using charts, cards, tables, pies, gauges, maps, and other analytical widgets. Operators can select data sources, apply filters, define aggregations, and configure visual layouts to transform raw log data into tailored dashboards for technical analysis, management reporting, or customer presentation. This feature enables every organization to build the exact visual monitoring layer it needs, without relying on external BI platforms.

Security Operation Center AI message center

The Security Operation Center AI view centralizes system-generated security messages and operational checks, highlighting issues such as expired passwords, foreign IP access, failed logins, file deletions, new machine detection, and out-of-hours activity. BusinessLOG automatically classifies and groups these alerts, making it easier for analysts to focus on the most relevant findings and quickly investigate suspicious conditions. This module acts as an intelligent operational console for continuous security supervision.

AI-assisted remote PowerShell execution

The Send PowerShell Command module allows administrators to remotely execute PowerShell actions on selected machines, with support for reusable templates and AI-assisted command preparation. This makes it possible to automate administrative tasks such as restarting services, forcing Group Policy refresh, installing software, or launching maintenance routines across multiple endpoints from a single console. The feature combines operational efficiency with centralized control, making BusinessLOG not only a monitoring platform but also a practical response and management tool.

Machine technical detail sheet

The Technical Details panel provides a complete profile of a selected machine, including role, operating system, hardware details, free disk space, last user, scan status, log volume, update history, and operating parameters. From this single interface, administrators can access related information such as software inventory, hardware inventory, updates, local users, sessions, scheduled actions, energy consumption, CVE reports, and shared resources. This creates a unified operational workspace for endpoint management, diagnostics, and security review.

Device diagnostic and connectivity test

The Diagnostics Report verifies the technical health and reachability of a device by testing key parameters such as DNS resolution, ping response, critical TCP ports, CPU load, RAM availability, free disk space, firewall status, and event log accessibility. BusinessLOG presents the outcome in a clear pass/fail format, enabling administrators to immediately identify configuration issues, connectivity problems, or conditions that could affect monitoring reliability. This feature is particularly useful during onboarding, troubleshooting, and validation of monitored hosts.

Software inventory and version comparison

The Software Inventory module collects and displays installed applications across monitored endpoints, including product name, type, installed version, available version, vendor, detection date, and installation path. By highlighting version gaps and outdated software, BusinessLOG helps organizations identify missing updates, obsolete applications, and software lifecycle issues that may impact security or operational stability. This module is essential for asset management, compliance control, and update planning.

Energy consumption monitoring

The Energy Consumption module estimates power usage for monitored machines by analyzing the utilization of key hardware components such as CPU, GPU, RAM, and disks. BusinessLOG presents both per-device values and visual trends over time, enabling administrators to compare systems, identify higher-consumption endpoints, and gain a more complete operational view of infrastructure efficiency. This feature is particularly useful for sustainability reporting, cost awareness, and device optimization initiatives.

AI virtual assistant / RAG-based guidance

BusinessLOG also includes an AI virtual assistant designed to answer user questions based on the available documentation and product knowledge base. In the example shown, the assistant provides step-by-step guidance for connecting an Azure tenant, combining conversational interaction with structured technical instructions. This feature improves usability, reduces training effort, and gives operators immediate access to contextual product support directly within the platform.

Plugins, RT Server, SQL audit, AS400 and Defender integration

BusinessLOG includes a modular Plugin Configuration area that enables the activation of additional connectors and monitoring capabilities according to the customer’s environment. From this section, administrators can enable integrations such as FileMaker, the BusinessLOG RT server, Windows Defender logging, SQL Server auditing, and AS400 log imports, extending the platform beyond standard event collection. This modular approach allows BusinessLOG to adapt to complex infrastructures and vertical use cases while maintaining centralized control from a single interface.

Azure and cloud archive configuration

The Cloud Configuration section allows BusinessLOG to connect with Microsoft Azure for cloud log collection and to activate external cloud-based archival services. Through Azure tenant parameters such as client ID and tenant ID, the platform can import cloud-originated logs, while the dedicated cloud archive option makes it possible to store log-access data in an isolated external environment. This capability is particularly valuable for hybrid infrastructures, Microsoft 365 monitoring, and organizations that require externalized archival for security, resilience, or compliance reasons.

General settings, retention policies and service account management

The General Settings area centralizes core platform behaviors such as domain identification, software and hardware inventory activation, archive viewer enablement, and service-level retention policies. Administrators can define how long logs should be retained, whether remote machine logs should be deleted after a configured period, and which account the BusinessLOG service should use to operate. This section is essential for balancing operational efficiency, storage management, and compliance-driven retention requirements.

Regulatory Report – Automated compliance output for audits

The Regulatory Report module automatically prepares a structured compliance output designed to support audits and regulatory assessments across multiple frameworks. It collects, organizes, and presents all the key technical and operational information that auditors, compliance officers, and security teams typically need — from user and administrator data, machines and asset inventory, shared resources, alarms, software inventory, vulnerability data, endpoint security events, access and security logs, to configuration details useful for control verification. The result is a compliance-oriented output that helps organizations demonstrate the presence of controls, identify possible gaps, and prepare documentation for internal reviews, external audits, and certification processes.