• Feature Highlights
• How It Works
• Collection
• Consolidation
• Knowledge
• Correlation
• Storage
• User Interface
• Where It Fits
• Editions
• Training & Services
• Support

EventTracker How It Works - Advanced Monitoring

EventTracker Windows Agent Resource Monitoring

In addition to collecting the contents of the Windows event log, EventTracker Agents enable advanced monitoring of the following resources with all logs retained and available for after the fact analysis and reporting.

Change Auditing

• Monitor for create/delete/change of any file, executable or dll on the file system
• Monitor for create/add/delete of any registry variable

Configuration Assessment

• Perform and report on configuration mandates
• SCAP Certified, supports XCCDF, OVAL, CVE and more
• Scan for configuration compliance standards such as Federal Desktop Core Computing (FDCC)
• Certified SCAP support enables monitoring adherence to DISA STIGs
• Supports authoring of custom configuration standards

USB Device Monitoring

• Track device inserts/removes
• Track files copied to the device
• Track file deletes
• Block USB devices through configurable policy

Application Monitoring

• Monitor application start/stop
• Monitor software install/uninstall
• Monitor application memory usage
• Monitor usage of critical applications (configurable include and exclude list)

Custom Log File Monitoring

• Monitor log files generated by anti-virus software, web servers, dialers, databases such as Oracle
• Supports IIS, IISW3C, IISMSID, NCSA, BIN, URLSCAN, HTTPERR, EVT, TEXT (Word or CR/LF separated), XML

Network Connection Monitoring

• Intrusion detection: monitor incoming network connections outside the trusted configuration
• Monitor incoming network connection to a TCP and UDP port
• Monitor unproductive web surfing and network chatting
• Track and control connections are coming in to the application server

Network Install/Uninstall Monitoring

• Monitor for software/hot fix/update installed or removed on any system

Process Monitoring

• Configurable thresholding
• Monitor CPU/disk/memory usage
• Monitor runaway processes
• Monitor insert/removal of removable media such as USB drives or DVDs

Service Monitoring

• Manage services on any Windows system in your network from one location
• Create, remove, start, stop services across the network
• Send an event when any service starts or stops
• Automatically restart critical services
• Exclude selected services from this monitoring