Quest InTrust
Event log management
Quest® InTrust

Overview

Your organization’s most valuable asset is its data and the users who have access to it — but you’re only as secure as your user workstations. Collecting, storing and analyzing all user and privileged account data generally requires large amounts of storage, time-consuming collection of event data and in-house expertise about the event log data collected. That’s where we come in.

Quest InTrust is smart, scalable event log management software that lets you monitor all user workstation and administrator activity from logons to logoffs and everything in between. Slash storage costs with 20:1 data compression, and store years of event logs from Windows, UNIX/Linux servers, databases, applications and network devices. InTrust real-time log monitoring and alerting enables you to immediately respond to threats with automated responses to suspicious activity.

Source: Quest


Key capabilities

Central log collection

Collect and store all native or third-party workstation logs from various systems, devices and applications in one searchable location with immediate availability for security and compliance reporting. Get a unified view of Windows event logs, UNIX/Linux, IIS and web application logs, PowerShell audit trails, endpoint protection systems, proxies and firewalls, virtualization platforms, network devices, custom text logs, as well as Quest Change Auditor events.

Simplified log analysis

Consolidate cryptic event logs from disparate sources into a simple, normalized format of who, what, when, where, where from and whom to help you make sense of the data. Unique, full-text indexing makes long-term event data easily searchable for fast reporting, troubleshooting and security investigation.

SIEM integration

InTrust delivers easy and reliable integration with Splunk, QRadar, ArcSight and any other SIEM supporting common Syslog formats (RFC 5424, JSON, Snare). With InTrust’s predictable per-user license model, you can collect and store as much data as you need for as long as you want. Then use pre-built filters based on industry best practices to forward only relevant log data and alerts to your SIEM solution for real-time security analytics. This integration enables you to slash your annual SIEM licensing costs.

Event log compression

Collect and store years of data in a highly compressed repository, 20:1 with indexing and 40:1 without, so you can save on storage costs by up to 60%, satisfy data retention policies and ensure continuous compliance with HIPAA, SOX, PCI, FISMA and more.

Alerting and response actions

Watch for unauthorized or suspicious user activity, such as file creation beyond threshold limits, use of file extensions associated with known ransomware attacks, suspicious process launches or fishy PowerShell commands. Respond to threats immediately with real-time alerts. InTrust enables you to easily trigger automated responses to suspicious events, like blocking the activity, disabling the offending user, reversing the change and/or enabling emergency auditing.

Tamper-proof protocols

Protect event log data from tampering or deletion by creating a cached location on each remote server where logs can be deduplicated after creation.


Tour


Automate real-time gathering of event logs from a single console with our event log management software.


 

Use pre-defined searches to zero in on critical event data with our log monitoring tool.


 

Use best practice filters to selectively forward only relevant data to your SIEM to reduce costs, minimize event noise and improve threat hunting efficiency and effectiveness.


 
 
 

Collect, store and search events from Unix and Linux syslog with our event log management software.

 
 
 

Syslog data differs drastically between applications. With InTrust, you can detect structured data inside syslog events and parse this data correctly.

 
 
 

Monitor user session activity — from logons to logoffs and everything in between.

 
 
 

Pre-defined alerts watch for suspicious user activity with our event log management software.

 
 
 

Automated response actions can minimize the impact of modern PowerShell-based attacks such as pass-the-hash with our event log management software.

 
 
 

Send email notifications to specific users and their managers with our log monitoring tools.


 
 
 

Export built-in reports for troubleshooting and review.


 
 
 

Find everything associated with a user or object using simple search terms. View results in a simple format of who, what, when, where, whom and workstation.

 
 
 
