
Log Management Features

Consolidation

EventTracker's advanced, central console puts the security manager, event log monitor and event log reporting and analytics engines at your fingertips. Events from all systems can be instantly displayed on a centralized console. Customized views can be created using multiple windows and rule based filtering.

Event Filtering

In addition to filtering by the EventTracker Agents, fine-grained filtering at the EventTracker Console supports meaningful monitoring through both view and source filters based on wildcard matches of id, type, source, user, and event description.

  • Filter non-essential events – collect and manage only important events for minimum traffic
  • Filter any event(s) for display only (these are still logged into the event database)
  • Monitor only specific events – examples
    • Log all events into the database but display only Audit Failure
    • Create a separate monitoring window for Exchange Server events
  • Filter any specific category of events – example
    • Monitor all events except information events
  • Exclusive filters according to your own criteria – examples
    • Filter all Information events except defined list
    • A few specific events are frequently generated but you wish to exclude these and monitor all other events.
  • Boolean operators in filter policy definitions – provide the ability to match multiple strings in fields to create sophisticated filter policy definitions

EventLogCentral

EventLogCentral is a secure role-based web user interface to manage and review event log data collected by EventTracker. EventLogCentral supports complete report generation and everything the Windows console supports for event viewing and analysis. The server side is based on IIS 5.0 (.NET). User authentication is integrated with Active Directory for single sign-on support. Users require only a browser to obtain secure access (HTTPS).

  • Anytime secure access from standard browser
  • Integrated authentication with Active Directory
  • Helps to meet security compliance: HIPAA, SOX, GLBA and others
  • Integrated reporting engine to generate, schedule and view reports
  • Provision to schedule/generate user specific reports

Role Based Access

Medium to large enterprises have different roles for different user groups. EventTracker fully supports role-based access to consolidated event log data through EventLogCentral. Each user is given access to event data based on their assigned role and privileges. Users are authenticated through Active Directory. EventTracker provides the flexibility to use the pre-defined roles or create roles and tasks to fit your organizational requirements.

EventTracker has six pre-defined roles:

  • EventTracker Admin: Full privileges to create new roles and assign roles to users
  • IT manager: Responsible for managing systems and security for a group of systems
  • System Administrator: Responsible for up time and operations for a group of systems
  • Security Analyst: Run forensic analysis to find out what has changed, who changed it, and when it changed
  • Auditor: Read only access to compliance reports
  • Help Desk: Access to all critical alerts and user issues

Real-Time Alerts

EventTracker is able to generate an alert when critical events occur, such as security breaches, performance problems, etc. An unlimited number of rule-based alerts are supported with customizable event criteria including support for event-fired automatic (custom) actions for any defined event.

  • Out of the box alerts for the most common predefined alert conditions
  • Reliable framework for alerts
  • Ability to minimize false positives
  • Firing automatic actions on receipt of events can increase system availability

Alert actions include:

  • Email/pager
  • Custom scripts
  • Forwarding SNMP events to other NOC software such as HP OpenView and Tivoli

Alerts for complex conditions, such as a series of events happening on different systems, are supported through the EventTracker Correlation Engine.

User Analysis

EventTracker tracks all user activity (including Administrator and privileged accounts), such as logon, logoff, account create or delete, group add or delete, member add or delete, password change, etc.

As the EventTracker Console receives events from monitored systems, it analyzes those that relate to user activity to determine event combinations that signal user activity and generates events with consolidated information.

  • Information is continuously updated in real time
  • Quickly browse by account name
  • Reports can be exported to Excel for further analysis
  • Track both Administrator and User activity

OU Administrator Console

Although the OU administrator is responsible for all users and computers, the way security events are generated means the OU administrator is often not actually able to monitor events related to users or the computers that belong to them. The Active Directory module provides:

  • An OU specific console to monitor all OU related security events
  • OU specific alarms and actions
  • An OU specific event database
  • OU specific reporting
  • OU specific event correlation
  • Decentralization of management tasks as per business needs

 

8815 Centre Park Dr.  •  Columbia MD 21045  •  877.333.1433