Event Analyst Overview
Logs are a treasure trove of information. If properly set up, they record every network event on your servers, devices and applications: for example, access and permission changes to files, folders and objects containing financial, customer or compliance data, object access attempts, login failures, etc. This information is critical when you need to launch an immediate incident response to a network outage or a security threat. It also gives you the means to prove compliance with regulatory requirements including Sarbanes-Oxley, HIPAA, GLB, FISMA, PCI DSS, NISPOM, NERC CIP and others. However, sifting through the volumes of logs from every possible network source is an unmanageable exercise. You need tools to filter, correlate, export and report on logs in a way that presents the right information to your team and your management.
Ensuring Reliability and Accountability in Log Reporting
WhatsUp Event Analyst® enables network professionals to easily filter through stores of log file data for specific logs and then view, filter, export and report on those events of interest. The capability to efficiently search vast amounts of log data and report the findings is vital to the health of network-security-conscious businesses of any size. With the ability to define, store, schedule and send automated reports as needed, WhatsUp Event Analyst makes log reporting reliable, accountable and auditable.
With WhatsUp Event Analyst you can:
- Use specialized prepackaged reports for reporting on standard log and compliance criteria
- Generate custom log data reports and charts on any filtered event entries
- Share reports in clear, printer friendly HTML formats with management and auditors
- Correlate and analyze events and event descriptions across multiple log files at once
- View, filter, convert to/from, export and report on multiple types of log formats
- Easily index and report on WhatsUp Event Archiver and WhatsUp Event Alarm databases
- Use it standalone as a simple, powerful and cost-effective log reporting tool
Key Capabilities of the WhatsUp Event Analyst include:
Powerful and Intuitive Log Correlation and Analysis
WhatsUp Event Analyst is a powerful and intuitive tool for analyzing log data, filtering log entries and examining log files. Its special "windowing" technology enables administrators to correlate different cross sections of log records from multiple sources simultaneously without sacrificing speed. WhatsUp Event Analyst's highly intuitive interface allows network administrators to quickly sift through logs, jump to specific dates or rapidly scroll through them chronologically. It allows local storage of frequently sought-after events and event filters for easy access at any time. WhatsUp Event Analyst ships with many predefined filters that are of immediate use to almost every network administrator out of the box.
Support for Multiple Types of Log Formats
WhatsUp Event Analyst works with a wide variety of log data formats. It can view, filter, convert to/from and report on saved EVT and EVTX log files, comma-delimited text files and log information from active computers. Like other components of the WhatsUp family of Event Log Management solutions, it uses the patented and exclusive Log Refiner™ Technology to report on both Windows EVT and EVTX log formats simultaneously. WhatsUp Event Analyst can also easily access and analyze WhatsUp Event Archiver and WhatsUp Event Alarm data stored in Microsoft Access or Microsoft SQL databases.
Prepackaged and Custom Log Reporting
WhatsUp Event Analyst helps network professionals generate reports based on pre-designed modules (i.e. SOX, GBLA, PCI, HIPAA, FISMA, MiFID, GLB and others) or user-customized ones. Virtually any type of security event can have its key subfields parsed out, grouped, sorted and formatted inside WhatsUp Event Analyst's custom reporting engine. The clear and printer-friendly HTML and CSV reports prove invaluable for explaining network phenomena to managers and compliance officers, as well as providing security information to law enforcement agencies. WhatsUp Event Analyst aids compliance reporting through pre-built modules and with special capabilities like tracking of file and folder access and deletion – which is critical to many compliance efforts.
Automated Report Distribution Saves Time and Effort
WhatsUp Event Analyst prepackaged report modules can be scheduled using the WhatsUp Event Analyst Service. Scheduling a report is as easy as choosing a scheduled time and day, the source of the log records, a filter and an output folder. Reports may even be emailed automatically to a list of specified recipients.