EventSentry: Hybrid SIEM & Monitoring for Everyone
ingmarkoecher
Promoting our product in online forums is usually frowned upon, so I was pleasantly surprised when I was asked to post some details about EventSentry here.
EventSentry is a Windows-centric Hybrid SIEM solution. Hybrid SIEM? What does that mean? We call it a Hybrid SIEM since it's more than just a SIEM, log aggregator or monitoring solution. At its core EventSentry monitors event logs, log files and incoming Syslog in real time, but capturing logs only gives you so much visibility, which is ultimately insufficient to maintain a secure network and identify threats. For that reason we have supplemented our real-time log monitoring with several system health, inventory and network monitoring capabilities to provide our users with a more complete picture of what's going on in their networks. For example, instead of just capturing event logs, we normalize security events and make it significantly easier to interpret cryptic Windows events.
So how is EventSentry different from other monitoring products? Anyone who has looked into getting a monitoring product probably noticed that the market is pretty flooded with (log) monitoring solutions. On the open source front you'll find Nagios, Zenoss, Graylog and ELK - all nice products if you're familiar with Linux and are willing to dedicate a lot of time configuring & running them - and being OK with forum support. On the commercial side Solarwinds and ManageEngine offer their own lineups like LEM and EventLog Analyzer, products that you'll likely have to supplement with other products (from their lineup) to get what you need. Then you have the likes of Splunk, LogRhythm and Alienvault which are powerful products but will most likely eat a significant portion of both your IT budget (think volume-based licensing) and time.
With EventSentry we attempt to address the shortcomings that come with many existing monitoring solutions through
- Better Support
- A more complete feature set, requiring fewer moving parts
- A better ROI with more aggressive and user-friendly licensing
So from a user perspective, how do we help our users?
- Assist with various compliance requirements such as HIPAA, PCI and similar
- Detect Ransomware infections
- Detect various anomalies like lateral movement in a network
- Track user, process and network activity
- Provide complete software, patch and hardware inventory
- Detect & alert on performance issues
- And a lot more
I'll stop now; if this sounds appealing at all, please check out https://www.eventsentry.com where we have a complete list of features, tutorials and screencasts.
Thanks for reading!