Manage event log data for reliability, security, availability and compliance.
for SIEM purposes
your entire IT infrastructure
for compliance purposes
reduce IT department costs
Good protection strategies should include real-time monitoring of event logs to identify critical security incidents, along with periodic analysis of security-related logs.
This way you can quickly identify and respond to suspicious activity. Monitor in real time the security-related policies, mechanisms (e.g., authentication, authorization, etc.), activities (e.g., activities of authorized users) and applications (e.g., IDS, IPS, firewall, etc.).
Unplanned system downtime ranges from a minor inconvenience to a major catastrophe. Monitor the availability, functionality, performance and utilization of your computing resources – from network devices, workstations and servers to applications, business, infrastructure services and network protocols.
Most data security standards and regulations require that all relevant log data be managed, collected, consolidated and stored securely, so that companies can prove who is responsible for actions that take place in their workplace.
GFI EventsManager offers three-tier log data consolidation, accessible through two-factor authentication, forensic investigation capabilities and compliance reporting.
As a network administrator, you will no doubt have come across voluminous and cryptic log data, the analysis of which has daunted you. GFI EventsManager handles this by decoding it and presenting it in an easy-to-read format.
This log data processing solution provides network-level control and management of Windows event logs (generated by Windows servers, workstations, and Microsoft® applications); W3C logs (generated by IIS, ISA, MS Exchange and others); SQL Server and Oracle audit logs; Syslog records (generated by Unix®/Linux® computers and by network devices such as firewalls, routers, switches or other equipment); SNMP (Simple Network Management Protocol) traps (the language used by low-level devices such as routers, sensors, firewalls, etc.); and last but not least, generic text files, allowing the collection of log data from any application or service.
There is often confusion among users about which event log reports are required to meet various compliance laws. GFI EventsManager contains specific reports for many major compliance laws, as well as other reports focusing on account usage and management, policy changes, object access, application management, print server usage and many others. Reports are flexible and extremely customizable; the layout, and column and row filters are all editable.
By enabling multi-level log data collection, normalization and consolidation, GFI EventsManager plays an important role in meeting the log data retention and review requirements of various regulatory bodies and related laws, including Basel II, PCI Data Protection Standards, Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, HIPAA, FISMA, USA Patriot Act, Turnbull Guidance 1999, UK Data Protection Act and EU Data Protection Directive.
The network can be the source of considerable log data. Unless you can interpret the data, it will not provide the information you need to manage your network effectively. GFI EventsManager has an integrated tool panel containing graphs managed by filters, which represent a single point of contact with all the data you need to work effectively.
The event log monitoring graphs include the critical and highest importance rules triggered during a certain period of time: the first 10 users who failed to connect or who connected during and outside working hours, the status of services across the network and the number of log records stored in the database by log type. There is also a comprehensive graph, based on Windows events, showing network connections at the application and user level (available only for Windows Vista™ and newer Windows operating systems).
It also has a section containing monitoring statistics, powered by data from the active controls-based monitoring engine. The tool panel is highly customizable. Separate windows containing various important real-time data from logs can be automatically arranged on the desktop.
GFI EventsManager provides in-depth, granular, rules-based log data control, instantly supporting classification of security information and popular operating systems, applications and network devices.
It also helps you classify log data from a wide range of systems and devices through centralized logging and analysis of different types of logs, including Windows events, Syslog, W3C and SNMP traps, generated by network resources.
Administrators can use predefined classification rules or create custom rules at a deep and granular level to identify and classify certain information considered important for specific environments. Depending on the category, administrators can configure active alert profiles that inform or perform actions (for example, a script or executable).
Most industry standards, security best practices, or network data management regulations require secure log retention to ensure accuracy and integrity. At the same time, access to log data must be controlled to avoid disclosure of sensitive information or attempts at tampering.
GFI EventsManager offers three levels of log data consolidation: encryption of the log data store using a powerful AES algorithm; hashing of log entries to prevent and identify attempts to tamper with log data at the binary level; and controlled access to log data through the GFI EventsManager console. Access to log data is granted based on two-factor authentication: the first factor involves the use of Windows credentials, which must have administrative privileges, and the second is based on the built-in user role system. All access is granted on a need-to-know basis. GFI EventsManager users can only work with data from the assets they manage, and all actions taken are recorded for later review.
An important phase of IT management is incident correction. GFI EventsManager reacts to security or IT issues by running code or scripts on remote computers. You can stop services or processes, uninstall applications, restart computers, disable user accounts, close network connections, perform cache flush, notify, activate third-party tools, or automatically customize codes in real time.
GFI EventsManager integrates with GFI LanGuard®, giving you the ability to trigger vulnerability scanning or patching operations when a threat is detected, and then bring the results of those actions together in your reporting structure.
GFI EventsManager incorporates a pre-configured set of log processing rules, which allows you to filter and classify log records that meet certain conditions. Templates allow you to choose columns for reporting and perform column mappings. In addition, the templates provided are fully customizable.
Scan profiles allow you to configure the set of event log monitoring rules to apply to a particular computer or group of computers.
Profiles are a centralized tool for optimizing event log processing rules. For example, you can set a set of rules to apply only to workstations in a specific department. Or create separate complementary profiles, which provide additional, more specialized event log rules, for each computer, giving you greater control over your data.
Sometimes workstations and servers aren’t in one central location. Your company may have locations across the country or across the globe. So, how can you collect data and monitor decentralized workstations? GFI EventsManager has the answer.
GFI EventsManager collects event log data from installations across the network and across multiple locations and compiles it into a single central database using the Database Operations feature. So you can easily monitor thousands of workstations and servers across your network, without impacting bandwidth or memory usage. Collected and processed log records are integrated and centralized, allowing you to back up and restore log records on demand. With database operations, you can manage the size of the database (without having to intervene manually), not only by centralizing, but also by exporting log records and backing them up as needed.
Incident investigation is an important part of the IT management process. It generally involves analyzing various data to identify the cause of problems encountered during the incident detection phase so that they can be resolved as part of the incident remediation phase.
As well as enabling active issue detection via real-time checks, GFI EventsManager gathers relevant debugging information in a single console. You will no longer need to check the debug logs on each computer; the work can be performed from the same console from which the alarm comes. With minimal effort, you will gain a deep understanding of the cause of the problem.
GFI EventsManager is available in three editions.
Software Maintenance is valid from the order management date and must be taken out for at least 1 year; it is also possible to choose 2 or 3 years.
As with new licenses, the renewal can also be taken out for 1, 2 or 3 years.
When Software Maintenance expires, the product does not cease to function but you lose the right to receive support or download updates.
If the license is renewed before it expires or within the grace period of 40 days, the expiration date will not change but will simply be carried forward by 1 year, or by as many years as were requested during the purchase.
If the license renewal takes place beyond the 40 day grace period, the new support available for 1, 2 or 3 years will be valid from the order date.
BEWARE: If the license has already expired, please contact our Sales department to have the price rechecked.
If the maximum threshold of a specific edition is reached, it is possible at any time to upgrade to a higher edition. The upgrade is always aligned to the expiration date of the license already in use and in the case of a multi-year subscription, it will also be necessary to adapt the new edition to it.
Below, divided by sector, are some of the famous companies that use the solution