Know your network. GFI EventsManager gives you effective real-time logging and deep analysis of all your security logs. It is suitable for compliance reporting to meet any security and regulatory standards, and lets you know about and respond quickly to any issues that arise.
Wide support for log sources
The volume of data and the often cryptic nature of the logs make analysis a daunting prospect. GFI EventsManager delivers easy-to-understand formats that allow you to focus on the critical issues. It works with a range of log sources:
- Windows event logs (Microsoft operating systems and applications)
- W3C logs (generated by IIS, ISA, MS Exchange and others)
- SQL Server and Oracle audit
- Syslog records from Unix & Linux machines
- Network devices including firewalls, routers, switches or other appliances
- Simple Network Management Protocol (SNMP)
- Generic text files
Granular control of the data allows you to categorise the data that matters for various functions or business units. Active actions and scripting are available if specific data is received.
Delivering the right reports for your regulatory requirements. GFI EventsManager contains pre-formatted reports to meet many of the major compliance acts. You also have a suite of reports installed with the software covering account usage, management, policy changes, object access, application management and print server usage, amongst others.
Each report is flexible and customisable to your needs with output available in several formats for further use.
You get a system ready to go, covering requirements including those of Basel II, PCI Data Security Standard, Sarbanes-Oxley Act, Gramm–Leach–Bliley Act, HIPAA, FISMA, USA Patriot Act, Turnbull Guidance 1999, UK Data Protection Act and EU DPD.
Centralise your data and understand issues with active real-life checks. The incident detection phase is normally when you analyse various data to understand the cause of the problems – then you can remediate. Debugging information is collated from each machine so you can perform the job from the same location where you receive your alerts. Minimal effort for maximum understanding.
Reactivity and remediation capabilities are integrated into GFI EventsManager. Set up rules to run code or scripts on a remote machine when a particular event is detected in the log. You can stop services or processes, uninstall applications, force reboots, disable user accounts, close network connections, flush caches, notify others, run third-party tools or your own custom code. All automatic and all in real time.
If you have GFI LanGuard, full integration allows you to automatically initiate patching operations and vulnerability scans as part of your security log monitoring. All of these results are aggregated in the reporting framework.
An integrated dashboard gets you to the information you need. This single point of contact with your data, filters and charts lets you work efficiently. See the top critical and high-importance rules triggered within a defined period of time: for example, the top 10 users who fail to log on, those who log on during and outside working hours, and service status across your network. Get the full details of all network connections at application and user levels, derived from Windows events in Vista onwards.
Monitoring statistics are fed directly from an active monitoring engine in real time and can be automatically arranged on the desktop.
Safely stored logs
Keeping logs safe is a key requirement of many regulations and standards, and is certainly best practice. Secure storage guarantees accuracy and integrity. Protection includes encryption using the AES algorithm, hashing of log entries to prevent and identify attempts to tamper at the binary level, and controlled and audited access to log data using the console.
Two-factor authentication is standard and uses Windows user credentials. Access is only on a need-to-know basis – users can only work on the assets they manage and all activity is logged for review at a later stage if required.
Log processing rules and scanning profiles
Logging can be filtered and defined for groups of computers so that you can extract the right information and dependent. With profiles you have a centralised way to tune your log processing rules. Apply different rules to groups or additional complementary profiles to easily classify log records that satisfy particular conditions.
Works in highly distributed environments
GFI EventsManager collects event log data from installations on multiple sites and locations across your network. With the data collated into one central database, you can monitor thousands of workstations and servers across the network. No impact on bandwidth or storage usage. Back up or restore log records on demand.