EventTracker Other Advice

Geremy Farmer
Information Technology Coordinator at Magnolia Bank, Incorporated
If it's your first SIEM event-correlation system, be prepared for a long process. That's not just because it's EventTracker. That seems like that's what that process takes. Again, it really depends on what data you want to capture and how much data you want to capture and how you want to review that data. That configuration process can be very time-consuming. We're on EventTracker 8, but we're getting ready to upgrade to the most recent version of nine, but we have not upgraded yet. I don't typically use the dashboard widgets. I have everything configured in daily, weekly, and monthly reports. We have real-time alerts configured as well. So I'm not really utilizing the dashboard widgets. I know it has a lot of features and options but I manage the system from the reports and real-time alerts. In terms of the screens we use to view the solution, we mostly use the Excel reports that are generated daily and weekly. I access them, as well as the real-time alerts, from all devices. You can view them and see the details from any type of device. But I'm looking at the alerts through my email client on whatever device I'm on. We have logs coming from our firewall configured to auto import log data, but we are not manually importing any log data. Currently there are only two users in EventTracker: myself, as the information security officer and another gentleman here at the bank who is the backup information security officer. He functions more as a backup, but he's never had to step into that role and use the system. He received the training, but I handle the whole system. I'm the only one deploying and maintaining the system. We have internal staff resources for internal incident management but we do not use the EventTracker SOC team. We handle the incidents internally, leveraging the reports and alerts. We don't have any plans to increase usage, unless we add one or two offices as we do naturally in our mortgage division. 
The difficulty with the language barrier at times with their training and technical support staff is a problem. That's why I'd rate it an eight out of ten.
Bryan Caporlette
Chief Technology Officer at G&G Outfitters Inc
The solution has been everything that I've asked for from a service standpoint, software standpoint, and support. I have no complaints. My advice would be to engage them to do the installation. The managed service is a great value, which saves you a full-time employee on your staff by being able to outsource it to EventTracker to review all the logs and cull through the data to make recommendations and identify threats, then how to remediate them. They provide it to you in your weekly or daily report, depending on how frequently you want to have them do it, which is based on your compliance. If you have compliance requirements for HIPAA, PCI, etc., it is a great benefit to help an organization meet their compliance requirements. We have internal staff resources for internal incident management. We leverage the EventTracker SOC team. When we detected the virus, we kept in contact with the EventTracker SOC team and sent them emails, and they would call me and say that they see it on this server or that desktop, and we'd go and take it off of the network and clean it. Then, we would put it back on and they'd watch to see if they saw any traffic that was not supposed to be coming from that server. For the whole remediation process, they were sort of part of the team. Data is all configured to automatically go in. We deployed their agents, and those agents just send the log data directly to the SIEM. We don't manually upload anything. We did not integrate it with any other solutions.
Sean Sheil
Information Technology - Business Process Analyst at a financial services firm with 51-200 employees
Go through some training to know the ins and outs of the application. It has changed quite a bit in the seven years I've worked with it, and it would be a good idea to do some more training to learn all the new features and to make sure you can utilize all the capabilities. The UI is okay. As I said, we're probably underutilizing the product compared to what we should be using it for. We don't view the information from it on screens. We more go off of the reports that we get daily out of the system. In our company there are only three people using the system. We're all IT managers. We're only monitoring about 30 systems and we don't have plans to increase usage. Total time for deployment and maintenance would be a part-time IT manager, ten hours a year. In terms of internal staff resources for internal incident management, it's the same three IT specialists. I would give the solution an eight out of ten. I'm not giving it a ten because of a lack of understanding of the system and some of the kludginess in the generating of reports.
Consulting Engineer at a tech vendor with 10,001+ employees
Get the preferred support. This is for the guy who uses and maintains the back-end of the system. Because if you don't have your firewall configurations configured correctly, you will need to have that support. All of our domain controller event logs are consolidated and stored on the server. Right now, we are sitting at 101 domain controllers, which is way too many. However, this was one of the main reasons why we purchased it, and it is performing well. The product version that we are on right now is much faster than the version that we were previously on.