The AggreGate server keeps and reports all important events and activities, including security events. There are two security event processing channels:
- Internal events that can be persistently stored in a server database or routed according to the custom rules
- Logging engine that uses a file-based logging by default
The platform server fully manages its own data storage. No system usage scenarios assume that it might be necessary to directly access any data stored in a server database.
Since all access to the database goes through the AggreGate Server core, all access attempts are authorized according to the internal role-based access control.
AggreGate communication protocol is used for data exchange between the primary platform components: servers, clients, and agents. This protocol supports the SSL/TLS encryption that is enabled by default.
All connections to the AggreGate Server through a unified console, browser interface or any API (such as SOAP or REST API) are always authenticated and authorized.
Security of data exchange between the AggreGate server and devices depends on the security and encryption options offered by the device's communication protocol. In the majority of cases, if a certain communication protocol supports some security and data encryption options, these options are also supported by a corresponding device driver. This enables secure device communications whenever possible.
If a certain amount of corporate services provided by AggreGate are publicly available, the servers installed in DMZ can get connected to the primary LAN-based servers via the TLS-secured distributed architecture links and have a limited read-only access to the publicly available data.