EventTracker provides 2 User Interfaces: the Administrator Console and the Web Portal.
The Administrator or Policy Console is a Windows client application that allows an Administrator to define policy, provision and deploy agents, configure alerts and correlation rules plus perform complete reporting, log search and analysis. This is where EventTracker is configured and maintained. In smaller organizations it is often the primary user interface.
Configure and deploy agents
- Set log filtering and retention policy
- Manage stored logs
- Set and receive alerts
- Configure Virtual Collection Points and Collection Points
- Configure correlation rules
- Reports -- configure, run and schedule reports and report notification
- Simplified Google-like log search
- Analytics
Enterprise Activity System Analysis
The EventTracker Web Portal is a secure role-based web interface that allows you to manage and review event log data collected by EventTracker. The Web Portal enables secure read-only access to the log data and also provides complete reporting, analysis, log search and alerting from any web browser. The Web Portal supports complete report generation, and all of the capability of the Administrator Console for event viewing and analysis. The server side is based on IIS 5.0 (.NET). User authentication is integrated with Active Directory for single sign-on support and users require only a browser to obtain secure access (https).
- Anytime secure access from standard browser
- Integrated authentication with Active Directory
- Helps to meet security compliance - FISMA,SOX,GLBA and others
- Integrated reporting engine to generate, schedule and view reports
- Provision to schedule/generate user specific reports
Medium to large enterprises have different roles for different user groups. EventTracker fully supports role-based access to consolidated event log data through the Web Portal. Each user is given access to event data based on their assigned role and privileges. Access is highly configurable and can be limited by machine type or event type Users are authenticated through Active Directory. EventTracker provides the flexibility to use the pre-defined roles or create roles and tasks to fit your organizational requirements.
EventTracker has six pre-defined roles:
- EventTracker Admin: Full privileges to create new roles and assign roles to users
- IT manager: Responsible for managing systems and security for a group of systems
- System Administrator: Responsible for up time and operations for a group of systems
- Security Analyst: Run forensic analysis to find out what has changed, who changed it, and when it changed
- Auditor: Read only access to compliance reports
- Help Desk: Access to all critical alerts and user issues
OU Administrator Console
While the OU administrator is responsible for all users and computers, the way security events are generated, the OU administrator is often not actually able to monitor events related to users or the computers that belong to them. The Active Directory support provides:
- An OU specific console to monitor all OU related security events
- OU specific alarms and actions
- An OU specific event database
- OU specific reporting
- OU specific event correlation
- Decentralization of management tasks as per business needs
