Log data analysis for SIEM
Good security strategies include real-time event log monitoring for critical security incidents and periodic analysis of security-relevant logs. This enables you to detect suspicious activity and respond quickly. Monitor security-relevant policies, mechanisms (e.g., authentication, authorization), activity (e.g., privileged user activity) and applications (e.g., IDS, IPS, firewall) in real time.
Complete IT infrastructure monitoring and management
Unplanned system downtime ranges from a minor nuisance to a major catastrophe. Monitor the availability, functionality, performance and use of your IT assets – everything from network devices, workstations and servers to applications, business, infrastructure services and network protocols.
Log data consolidation for compliance
Most data security standards and regulations require that all relevant log data is managed, collected, consolidated and safely stored so that companies can prove accountability for the actions occurring in their workplace. GFI EventsManager provides three-layer log data consolidation accessible through two-factor authentication, forensic investigation capabilities and compliance reporting.
Wide support for log sources
As a network administrator, you have experienced the cryptic and voluminous log data that makes log analysis a daunting process. GFI EventsManager handles this task by decoding it and presenting it in a simple, easy-to-read format.
There is often confusion among users as to which event log reports are needed to meet the requirements of different compliance acts. GFI EventsManager contains specific reports for many of the major compliance acts, as well as a suite of other reports focused on account usage and management, policy changes, object access, application management, print server usage, and many others. The reports are flexible and highly customizable; the layout, columns and row filter can all be changed.
Your network can be the source of considerable log data. Unless you can make sense of the information, however, it won’t provide you with the knowledge needed to effectively maintain your network. GFI EventsManager has an integrated dashboard that offers filtering-enabled charts; they provide a single point of contact with all the data you need to work efficiently.
Granular control of log data
GFI EventsManager offers rule-based, deep and granular control of log data, with out-of-the-box support for operating systems, applications and network devices, and classification of security information.
Safe storage of log data
Most of the industry standards, security best practices, or regulations covering network data management require that logs are kept in a secure manner that guarantees their accuracy and integrity. At the same time, access to the log data needs to be controlled to avoid disclosure of sensitive information or tampering attempts.
Reactivity and remediation capabilities
An important phase of IT management is incident remediation. GFI EventsManager reacts to security or IT issues by running code or scripts on the remote machines. You can stop services or processes, uninstall applications, reboot machines, disable user accounts, close network connections, flush caches, notify others, trigger third-party tools or custom code automatically and in real time.
Log processing rules and scanning profiles
GFI EventsManager ships with a pre-configured set of log processing rules that enables you to quickly and easily filter and classify log records that satisfy particular conditions. These templates make it simple to choose columns for reporting, as well as to perform column mappings. The supplied templates are also fully customizable.
Works in highly distributed environments
Sometimes your workstations and servers are not neatly located in one central location. Your organization might be spread across the country, or even across the globe. So how can you collect data and monitor scattered workstations? GFI EventsManager has the answer.
Unique combination of active checks and debug logs collection
Incident investigation is an important part of the IT management process. It usually involves analyzing various data to identify the cause of problems detected during the incident detection phase so they can be addressed as part of the incident remediation phase.