
    ingmarkoecher

    @ingmarkoecher

    Website www.eventsentry.com/blog
    Location Chicago, IL

    Best posts made by ingmarkoecher

    • EventSentry: Hybrid SIEM & Monitoring for Everyone

      Promoting our product in online forums is usually frowned upon, so I was pleasantly surprised when I was asked to post some details about EventSentry here.

      EventSentry is a Windows-centric Hybrid SIEM solution. Hybrid SIEM? What does that mean? We call it a Hybrid SIEM since it's more than just a SIEM, log aggregator or monitoring solution. At its core EventSentry monitors event logs, log files and incoming Syslog in real time, but capturing logs only gives you so much visibility that is ultimately insufficient to maintain a secure network and identify threats. For that reason we have supplemented our real-time log monitoring with several system health, inventory and network monitoring capabilities to provide our users with a more complete picture of what's going on in their networks. For example, instead of just capturing event logs, we normalize security events and make it significantly easier to interpret cryptic Windows events.

      So how is EventSentry different from other monitoring products? Anyone who has looked into getting a monitoring product probably noticed that the market is pretty flooded with (log) monitoring solutions. On the open source front you'll find Nagios, Zenoss, Graylog and ELK - all nice products if you're familiar with Linux and are willing to dedicate a lot of time configuring & running them - and being OK with forum support. On the commercial side Solarwinds and ManageEngine offer their own lineups like LEM and EventLog Analyzer, products that you'll likely have to supplement with other products (from their lineup) to get what you need. Then you have the likes of Splunk, LogRhythm and Alienvault which are powerful products but will most likely eat a significant portion of both your IT budget (think volume-based licensing) and time.

      With EventSentry we attempt to address the shortcomings that come with many existing monitoring solutions through:

      • Better Support
      • A more complete feature set, requiring fewer moving parts
      • A better ROI with more aggressive and user-friendly licensing

      So from a user perspective, how do we help our users?

      • Assist with various compliance requirements such as HIPAA, PCI and similar
      • Detect Ransomware infections
      • Detect various anomalies like lateral movement in a network
      • Track user, process and network activity
      • Provide complete software, patch and hardware inventory
      • Detect & alert on performance issues
      • And a lot more

      I'll stop now; if this sounds appealing at all, please check out https://www.eventsentry.com where we have a complete list of features, tutorials and screen casts.

      Thanks for reading!

      posted in Self Promotion
    • New Site: Windows Security Event ID DB, Error Code Lookups & GeoIP/ThreatIntel

      We recently launched a new (ad-free) site a bit under the radar that we hope you folks find useful:

      https://system32.eventsentry.com

      What it offers is:

      • A super convenient way to search and view the complete database of all event IDs from the Windows security event log. I know that other sites already offer this, but we think that our presentation is way better and easier; for example, you can easily correlate based on insertion strings and such. It's also not plastered with ads.
      • An extensive database of Windows, Kerberos and NTLM errors. Ever gotten a cryptic hexadecimal error code in an event? Chances are you'll find the explanation on our site. Something missing? Let me know.
      • GeoIP & ThreatIntel. To put everything in one place we also added a GeoIP lookup for IP addresses, including two popular threat intel sources.

      Hope you find it useful; feedback is always welcome.

      https://system32.eventsentry.com

      posted in Self Promotion
    • RE: If you are new drop in say hello and introduce yourself please!

      @scottalanmiller Thanks for the introduction Scott. I'm a former Sysadmin and founder of EventSentry, a log and system health monitoring solution I created to help admins around the globe. I like to go back to my roots every once in a while to participate in discussions (although my Sysadmin skills are now a bit rusty), and maybe shamefully promote EventSentry when it makes sense.

      posted in Water Closet
    • RE: Why Let’s Encrypt is a really, really, really bad idea…

      IMHO the whole certificate business is a racket - basically a money making machine. I can't think of any other business off the top of my head that just generates a few kilobytes and gets a ton of money for it. Yes, there is some validation going on - but that's pretty easy to do.

      I suppose the guy has a point in that Let's Encrypt becomes a single point of failure since it generates so many certificates, though I'm not sure that's a good reason not to use them.

      posted in IT Discussion
    • RE: If you are new drop in say hello and introduce yourself please!

      @jaredbusch Sure thing, is there a particular category I should post it in?

      posted in Water Closet

    Latest posts made by ingmarkoecher

    • RE: Why Let’s Encrypt is a really, really, really bad idea…

      @stacksofplates Yes, but it's also about preventing imposters - so you know that whoever you're talking to is who they claim to be.

      posted in IT Discussion
    • RE: Question about server hard drives

      For me it would depend on the redundancy level of the RAID along with the age of the drives. I'd also make sure they're all the same speed (and ideally size). If you're using older drives then I would at least dedicate one hot spare and have at least another spare offline, ready as a replacement.

      If you're not under time pressure then why not just order it and see if the hard drives work with it? If there is a firmware issue then you'll find out right there.

      I've seen enterprise level hard drives last in excess of 10 years (although I can't vouch for their performance at that point, it may be affected), so I think it's worth a shot.

      posted in IT Discussion
    • RE: Need SSL cert - What's next best?

      @obsolesce I've had a good experience with https://www.sslpoint.com - they're not widely known but we've used them for a few certs over the last 3 years or so (mostly Exchange) and it worked well. The prices are pretty reasonable and support is great (which in most cases you probably won't need).

      posted in IT Discussion
    • RE: Rename Windows Hostname from Command Line

      Can I assume that all of the above will not affect domain membership and rename the computer in the domain correctly as well?

      posted in IT Discussion