GFI EventsManager™ - Features

GFI EventsManager solves this problem by providing you with specific reports for some of the major compliance acts as well as other standard reports, including:

• Payment Card Industry (PCI DSS) reports
• Code of connection reports
• HIPAA reports
• SOX reports
• Account usage reports including users who deleted files report
• Account management reports
• Policy changes reports
• Object access reports
• Application management reports
• Print server reports
• Windows event log system reports
• HTTP traffic monitoring report
• Events trend and service status reports
• Deleted files report
• Service status report

GFI EventsManager is a log processing solution that provides network-wide control and management of Windows event logs, W3C logs, SQL Server and Oracle audit logs and Syslog events generated by your network sources. GFI EventsManager supports Simple Network Management Protocol, the language spoken by low-level devices such as routers, sensors, firewalls, etc. Through SNMP users can monitor a whole range of hardware devices on their infrastructure and gain the ability to report on the health and operational status of each device.

New rules are automatically saved into a new rule set called User Rules and will have the least priority by default.

GFI EventsManager checks the details of events and probes whether the usernames or SIDs in question correspond to administrator users. The product can also track changes in rights assignment (through Windows events) so that if a user becomes or stops being an administrator by the time an event has been generated, GFI EventsManager will report accordingly. To use this feature in domains, one must scan the domain controller before scanning other machine members.

This periodically checks if there are new patches for the current version of the product, downloads the patches from the GFI website and installs them automatically.

It works through a scanning system based on checks which are pre-programmed. When a regular log scan is started on a Windows computer, GFI EventsManager Audit, when enabled, will execute all the selected checks. Once checks are done, their results will be written as events in the Windows application log of that machine or the local machine. After the audit, the usual log scanning will start and the new audit events will be available for processing too. Event processing rules can be defined to process the result of the checks. For instance, users can be alerted when a certain check has failed. These results can also be displayed on the dashboard showing the ‘high importance’ events.

Through the GFI EventsManager Audit one can discover if there are:

• Inactive users (users who haven’t logged on during the last 30 days)
• Inactive machine members in a domain (machines not used during the last 30 days)
• IPSec policies not active
• Microsoft firewall products installed and not active
• Slow responses to PING
• Disk volumes running out of space

LogBinder SP sits on top of a SharePoint server and translates the cryptic native SharePoint logs into user-friendly Windows events which GFI EventsManager can process and manage through dedicated reports, views and alerts. Click here for more information

Anonymization consists of encrypting the right data inside events when they are collected, through a key that is set by authorized person(s). The authorized person(s) can decrypt the anonymized data at any time.

Anonymization completely covers Windows Security, SQL and Oracle audit events.

These definitions and the device information are contained in Management Information Base (MIB) definition files, provided by the manufacturers. GFI EventsManager ships with MIB definitions for the following vendors: Cisco, 3Com, IBM, HP, Check Point, Alcatel, Dell, Netgear, SonicWall, Juniper Networks, Arbor Networks, Oracle, Symantec, Allied Telesis and others. GFI EventsManager is capable of importing the MIB files.

Tests demonstrate that our engine is able to scan and collect up to six million events per hour. Its plug-in based methodology allows additional features and modules to be integrated without interfering with existing code.

These templates make it possible to choose the columns for reporting and perform column mappings. Both templates are fully customizable.

You may also selectively highlight specific events using a color or the integrated event finder tool.