Key log terminologies
When managing logs, there are terminologies that will help you make the most of the product in hand. The following is a list of such terms and their definitions as used in EventLog Analyzer.
Agentless and agent-based log collection
Agent-based collection: The agent-based collection method is used to collect logs from demilitarized zones (DMZs) or from critical resources in the network that don't support direct log ingestion. It is also adopted for critical resources whose performance shouldn't be affected. The agents in EventLog Analyzer reduce bandwidth and resource consumption by pre-processing and compressing the logs before sending them to the server. Agents also secure the transport of log data to the EventLog Analyzer server by using HTTPS and TCP for log transmission, encrypting the data with AES and RSA and verifying its integrity with SHA256 checksums.
Agentless collection: In this method, log data is directly ingested from Windows, Linux/Unix, other Syslog devices, and applications. EventLog Analyzer's built-in log collection module fetches log data from the sources directly. Users can utilize the solution's automatic log source discovery feature to detect the devices in the network and provide appropriate administrator credentials to start collecting the logs. For the Windows environment, the logs are ingested using the WMI, DCOM, and RPC protocols. Read more about the agentless collection here.
Log correlation
The correlation engine analyzes relationships between network activities using predefined or custom rules to provide visibility into the network. EventLog Analyzer comprises over 70 predefined rules based on indicators of compromise and provides the option to configure custom rules to detect complex patterns in the collected logs. Whenever the tool observes a deviation, you will receive real-time alerts on the events.
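To make the idea of a correlation rule concrete, here is a small added example (not EventLog Analyzer code) in Python. It implements one typical rule over a handful of constructed sshd-style log lines: several failed logons from the same source for the same user inside a short window, followed by a successful logon for that same pair. The log format, the threshold and the window size are assumptions chosen for the demonstration.

```python
"""Minimal correlation rule over constructed sample log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events; not real EventLog Analyzer output.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 host1 sshd: Failed password for admin from 10.0.0.5",
    "2024-05-01T10:00:03 host1 sshd: Failed password for admin from 10.0.0.5",
    "2024-05-01T10:00:04 host1 sshd: Failed password for admin from 10.0.0.5",
    "2024-05-01T10:00:09 host1 sshd: Accepted password for admin from 10.0.0.5",
    "2024-05-01T10:05:00 host1 sshd: Failed password for bob from 10.0.0.9",
    "2024-05-01T10:20:00 host1 sshd: Accepted password for bob from 10.0.0.9",
    "2024-05-01T10:21:00 host1 cron: session opened for user root",
]

# Assumed line layout: "<ISO timestamp> <host> sshd: <Failed|Accepted> password for <user> from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(line):
    """Return a dict for a logon event, or None for lines the rule does not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def brute_force_then_success(lines, threshold=3, window=timedelta(minutes=1)):
    """Rule: at least `threshold` failures for one (source, user) within `window`,
    followed by a success for the same pair while those failures are still in the window."""
    failures = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        key = (ev["src"], ev["user"])
        recent = failures[key]
        # Forget failures that fell out of the sliding window.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append({
                "src": ev["src"],
                "user": ev["user"],
                "failures": len(recent),
                "success_at": ev["ts"].isoformat(),
            })
            recent.clear()  # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in brute_force_then_success(SAMPLE_LOGS):
        print("ALERT:", alert)
```

Running it on the sample lines raises exactly one alert, for `admin` from `10.0.0.5`; the single failure for `bob` is followed by a success 15 minutes later, outside the window, so it is not correlated. Real engines differ mainly in scale (many rules, many event types) and in where state lives, not in this basic shape.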
Log forensic analysis
Log forensic analysis is the process of investigating and analyzing log data to identify the specific details of an attack. It aims at finding the entry-point, time, and extent of damage caused in the network by recreating the crime scene. It also helps in identifying the attack pattern and the data affected by the attack.
File integrity monitoring
File integrity monitoring provides details regarding the changes or modifications in a file or folder and the user responsible for the actions. EventLog Analyzer monitors files and tracks the changes in real time to ensure that any suspicious activity is noted instantly. The user can configure the tool to send instant alerts when sensitive files are accessed by unauthorized users.
Privileged user monitoring
Enterprise data, irrespective of multi-level security, is vulnerable to internal as well as external threats. EventLog Analyzer equips you with the details you need to drill down and investigate object and user access.
Privileged user monitoring tracks the suspicious behavior of users with high-level access within the network. It helps determine who performed certain operations, the result, and from where it happened.
Quick screen tour
Let's take a quick screen tour to understand EventLog Analyzer better.
Intuitive dashboards
Visualize log data with a customizable dashboard that displays the stats most relevant to your organization. The dashboard features three different tabs, which provide an overview of events, network, and security.
Extensive reports
EventLog Analyzer provides more than 1,000 prebuilt report templates with the option to generate custom reports. There are selections for scheduling reports to be generated and emailed periodically, and for marking particular reports as favorites.
Out-of-the-box compliance management
Compliance regulations require organizations to maintain audit reports and submit them regularly for audits. EventLog Analyzer offers predefined reports for prevalent IT regulations, including FISMA, PCI-DSS, SOX, HIPAA, GLBA, ISO 27001:2013, GPG, GDPR, NRC, Cyber Essentials, COCO, NERC, FERPA, and NIST. Read more about EventLog Analyzer's compliance reports here.
Encompassing search
A flexible search module is an important part of a log management tool, as it facilitates easy retrieval of relevant logs during an investigation. EventLog Analyzer has basic and advanced search options.
Powerful correlations
The correlation feature in EventLog Analyzer enables you to detect complex patterns of security incidents advancing across the network. The tool provides incident and session activity reports. You can build new rules and enable or disable existing correlation rules.
Critical alert profiles
Take a look at the detailed screen tour of EventLog Analyzer here.