EventTracker analyzes all of the different types of security events; it both aggregates and correlates. They send us a daily report of things like servers that aren't responding that normally respond and any kind of events that they see from the day before. If there is a serious perceived security event, they will call. I have two folks at InfoSec, so they will call directly and say, "Hey, we're seeing something here." Then between the two of them, they'll try and identify whether it is a true event or not, and then monthly, we sit down with them on a call where we talk about what's going on and if there are opportunities for improvement. If there was an event that we felt they shouldn't have escalated to us, then we'll let them know and we'll talk about how it could have been avoided, or, vice versa, if there was an event that wasn't escalated to us but should have been. We don't get a lot of those; mostly it's about, "Hey, we're adding this new device, we want to make sure it's on the list, so it's getting monitored," and things like that.
Senior Director, Information Security at a pharma/biotech company with 1,001-5,000 employees
Real User
Dec 23, 2019
We use it for logging all of our Active Directory activities, including authentication, alterations, and modifications to the AD controls and privileges. We use it for events coming off of both the servers and the desktops. And we also roll in the logs from our various security controls and devices, such as our antivirus tools, backup service, firewalls, the IPS, etc. Those are all rolled back into the EventTracker system. The goal is to eventually start taking advantage of the ability of EventTracker to correlate activity and alert on something that looks a bit unusual that we should then pay attention to. We get a daily report that they've built, which summarizes all of the activity across all of those areas, on a daily basis for us. The types of log data we import into it include firewalls, server event logs, user workstation event logs, all of the Active Directory activity and authentications, and all of our antivirus logs and our patching service logs. It's in the cloud. We use their console and we take advantage of their storage. We have them manage our logs and our archivals.
Chief Information Security Officer at Samford University
Real User
Dec 22, 2019
We use it for real-time alerts for things like domain admins being added. And we have the managed services provide weekly reports for us for VPN logins and several things like that. And of course, at any time I can do individual investigations and searches on interesting traffic that might be reported to me by EventTracker or that we find on our own.
Sr. Information Technology Security Engineer at a university with 1,001-5,000 employees
Real User
Nov 28, 2019
We are using it to centralize all of our logs and have alerting on security issues. We primarily import Windows systems and Windows Server logs (2012 and 2016). We also import Cisco ASA logs, then Cisco router and switch logs. The import works well.
Network Manager at an energy/utilities company with 51-200 employees
Real User
Sep 10, 2019
We were struggling at the event level, like a lot of people do, in terms of centralized event management and notifications. We just did not have a single pane of glass where we could see events, potential issues, all on a fine thread of a timeline to compare across our enterprise. We needed to know: Is there anything else going on at the same time? We use it extensively. Every product that we have on our network is tied into it. That's been huge for us. The thought process was, "If we're going to put it in place, we want every endpoint out there to be cycling through logs or have syslogs pulled into EventTracker." Otherwise, it just didn't make sense. We wanted to have eyes on every device out there.
We are using it for audit compliance, because when we have audits, we are required to have a central event log storage location. If we need to do a search for user lockouts, we can go, search, and find locations where they have been locked out, then keep track of those events, historically.
Information Technology Coordinator at Magnolia Bank, Incorporated
Real User
Feb 24, 2019
We use it to monitor our firewall logs for all of our locations, all of our network logs, and alerts. We also monitor any new users added to the network or who are locked out, any new installs or uninstalls of applications on servers. And we have reports generated for any types of processes or hashes that have been run on computers or servers.
Information Technology - Business Process Analyst at a financial services firm with 51-200 employees
Real User
Feb 21, 2019
We're getting some daily reports out of it for different systems regarding passwords expiring, accounts locked out, and a number of events in different categories. We're probably not using it to its fullest potential. We import log data into the solution from Windows Servers and switch-logs from the Cisco switches. Those are the main things that we feed into the system. We don't have any Linux or any other external systems that we feed into it.
Our open XDR platform unifies your existing security telemetry to deliver wider attack surface coverage and deeper threat analytics resulting in greater security visibility. Our SOC does the heavy lifting for you of proactive threat hunting, event correlation and analysis, and provides you with guided remediation. The result is a force multiplier that allows your IT team to be confident and in control again while also maximizing all of your cybersecurity investments.
It's a system incident and event management platform. The typical use cases that go along with that are alerting and syslog aggregation.
We use it for Windows event logs, disk space, and other alerts.
The primary use case is SIEM vulnerability and IDS.