Netsurion EventTracker Valuable Features
Really, all of the features are valuable. Probably the most valuable are the real-time alerts and the weekly reports. They would like to send me the reports daily, but because I'm a one-person shop, I just don't have the time to pore through them. Those weekly reports really give me a view of the landscape and of things that might have slipped through the cracks.
The real-time alerting for things such as people getting dropped into a VPN group or the domain admin group — things like that which really shouldn't happen without proper change management, but we all know the reality, that they do from time to time — gives me real-time visibility into what's going on.
I do like, with version 9, that they have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days. I can go back as far as I have archived, which for us is a set of six months. It all depends on how much you want to store. We store one semester's worth of data. That real-time, very quick access is very helpful for our workflow and the ability to investigate things.
Also with version 9, the overall UI is much better. It's more like Splunk, which is one of their competitors. It has more of that kind of look and feel. You literally drag and drop different fields and elements that you want in your reporting. And with that Elasticsearch, where it's almost instantaneous, it's so much more helpful. Their old query tool was okay, but it had the old look and feel. You picked the field you need and you chose an operator like "equals," etc. This new look and feel really is drag-and-drop. It's so much more modern and very useful. It makes it very efficient if you're looking for something.
Monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird.
I like the dashboard. Our security folks look at it all the time. They have it running, they have a big screen monitor in one of their offices and it's up all the time.
I don't use the UI very much but from what I've been told by the security team, it's very easy to use. Compared to other products, the team found it pretty easy to use. We've got the dashboards published on a large screen TV so they can look at it all the time, and then they typically have it on their desk. It is also available on smartphones.
We import log data into EventTracker. It feeds the overall picture of giving us a good quality view of what's going on in our environment.
Security Information and Event Management (SIEM)
Find out what your peers are saying about Netsurion, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: July 2022.