
OPSEC Partners

Prism Microsystems

Product Version Certified: EventTracker v6.0
Certified For Use With: Check Point Next Generation and NGX


Product Description: EventTracker is an enterprise class solution to centrally collect, monitor, analyze and store event log data. EventTracker collects log data from Windows machines, SYSLOG, SYSLOG-NG and SNMP enabled devices. It includes a powerful real-time correlation engine, a secure and compressed event storage facility, and a full role-based reporting and management console.

Company Description: Prism Microsystems, Inc. delivers business-critical solutions to consolidate, correlate and detect changes that could impact the performance, availability and security of your IT infrastructure. With a proven history of innovation and leadership, Prism provides easy-to-deploy products and solutions for integrated Security Management, Change Management and Intrusion Detection. Prism Microsystems was formed in 1999 and is a privately held corporation with corporate headquarters in the Baltimore-Washington high tech corridor.

Key Features and Benefits

EventTracker is an enterprise event log management solution designed to enhance the security of your critical systems, maintain confident compliance, and improve overall performance and availability.

  • Event Collection
    Automated collection of events from Windows Vista/XP/2003/2K/NT, syslog and syslog-ng, Solaris BSM, z/OS, SNMP and any flat file log. Optional Agents support continuous monitoring of critical system metrics such as CPU, memory and disk utilization.
  • Event Log Monitoring
    Automatic consolidation of millions of events in a secure environment. Central Web or Windows console displays events from all systems within customized views using multiple windows and rule-based filtering. Extensive product knowledge base provides detailed information on over 20,000 different events.
  • Event Correlation
    Events from multiple servers and domains can be analyzed using a powerful expression-based rules engine to enable faster decision making and improved security. Rule wizards allow events to be analyzed based on single or multiple strings within an event description. EventTracker includes over 500 predefined rules.
  • Secure Event Storage
    Stores event log data in an integrated high-performance event storage mechanism which is optimized for the write-once, read-many nature of event log information. The log data is compressed to less than 10% of the original size, sealed with an MD5 checksum and stored in standard CAB files. There is no requirement for any RDBMS licenses or DBA time. On-line event storage is limited only by available disk space, and the archives can be stored on any storage device that can be accessed from the EventTracker Manager.
  • Historical Event Analysis & Forensics
    Reporting engine allows powerful custom querying of the event repository. Predefined reports can be generated on a scheduled basis and distributed in multiple formats.
  • Regulatory Compliance Support
    Over 500 report templates support multiple compliance standards such as Sarbanes-Oxley, HIPAA, GLBA and PCI-DSS. Compliance workflows enable review and secure annotation of reports.

EventTracker has over 600 customers spanning multiple sectors including financial, communications, scientific, healthcare, banking and consulting.

OPSEC Integration

The EventTracker Agent uses the Log Export API (LEA) to register with the Check Point firewall as a sink for events and logs. All modes, including the secure mode, are supported. Users may also specify current or historical logs. The EventTracker Agent relays the retrieved logs in real time to the EventTracker Console for processing, and a variety of reports and alerts are available for the Check Point product.

The EventTracker console becomes the single pane of glass for log management from all devices in the enterprise including Windows, Unix, applications, network devices and mainframes.
