Unveiling EventSentry 5.1: Exploring its New Network Security Monitoring and Compliance Features

Explore the new features in EventSentry 5.1, including anomaly detection, NTFS permissions inventory, and new compliance dashboards.

Many log collection and SIEM solutions are available on the market today. One notable solution in this space is EventSentry, whose recent 5.1 release brings numerous enhancements to the platform.

Brief overview of EventSentry

EventSentry, by NETIKUS.NET, is a monitoring solution that collects network data and helps admins make decisions based on events collected throughout the network. Organizations can use this solution to correlate and monitor log events, track changes in Active Directory, and visualize data with dashboards and reports. EventSentry also assists organizations that need to comply with PCI, CMMC, NIST, CJIS, and other compliance frameworks while enhancing security at the same time.

New features

Take note of the following new features in the EventSentry 5.1 release:

  1. Anomaly detection
  2. Simplified database management and multi-database support
  3. NTFS permissions inventory
  4. New compliance dashboards
  5. Streamlined package updates
  6. EventSentry agent utility enhancements
  7. Improved user experience

Anomaly detection

In EventSentry 5.1, administrators can use and create anomaly filters to detect unusual activity in event logs. Although anomaly filters can be applied to any event, some security events lend themselves especially well to them: for instance, a filter can flag a user logging on from a computer they have not used before, or a process that has not previously been started on a particular host. Building anomaly filters requires a good understanding of the insertion strings in the relevant event logs and some setup time; to make it easier to get started, EventSentry ships with a set of preloaded anomaly filter rules.

Anomaly filter and custom rule editor
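
To make the idea behind these filters concrete, here is an added example in Python (not EventSentry's own code, and not its filter syntax) of "first seen" anomaly detection over Windows Security events. A rule names an event ID and the insertion strings that form a key, a baseline is learned from historical events, and an alert fires the first time a key appears that the baseline has not seen. The event IDs 4624 and 4688 are real, but the insertion-string positions, host names, users and paths are constructed for this example:

```python
"""Added example (not EventSentry's own code): "first seen" anomaly detection
over Windows Security events, in the spirit of the anomaly filters described
above. A rule names an event ID and which insertion strings form a key, for
example user + workstation for logons (4624) or process path for process
creation (4688). The detector learns a baseline from historical events and then
alerts the first time a key appears that the baseline has not seen.

Insertion-string positions below are constructed for this example; they are
NOT the real positions Windows uses for 4624/4688.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AnomalyRule:
    name: str
    event_id: int
    key_fields: tuple      # 0-based positions into the event's insertion strings
    per_host: bool = True  # also key on the host that logged the event


@dataclass
class AnomalyDetector:
    rules: list
    seen: dict = field(default_factory=lambda: defaultdict(set))

    def _key(self, rule, event):
        """Build the lookup key for a rule, or None if strings are missing."""
        strings = event["strings"]
        if any(i >= len(strings) for i in rule.key_fields):
            return None
        prefix = (event["host"],) if rule.per_host else ()
        return prefix + tuple(strings[i] for i in rule.key_fields)

    def learn(self, events):
        """Seed the baseline; nothing is reported during learning."""
        for event in events:
            for rule in self.rules:
                if event["event_id"] == rule.event_id:
                    key = self._key(rule, event)
                    if key is not None:
                        self.seen[rule.name].add(key)

    def detect(self, event):
        """Return (rule name, key) pairs for keys never seen before. The key is
        then remembered, so the same combination does not alert twice."""
        alerts = []
        for rule in self.rules:
            if event["event_id"] != rule.event_id:
                continue
            key = self._key(rule, event)
            if key is None or key in self.seen[rule.name]:
                continue
            self.seen[rule.name].add(key)
            alerts.append((rule.name, key))
        return alerts


RULES = [
    # Logon by a user from a workstation that user has not logged on from before.
    AnomalyRule("logon_new_workstation", 4624, key_fields=(0, 1), per_host=False),
    # Process started on a host where that executable has never run before.
    AnomalyRule("process_new_on_host", 4688, key_fields=(0,), per_host=True),
]


def ev(host, event_id, *strings):
    """Constructed event record: host, event ID and positional insertion strings."""
    return {"host": host, "event_id": event_id, "strings": list(strings)}


# Constructed baseline (what the network normally looks like).
BASELINE = [
    ev("SRV1", 4624, "alice", "WS-ALICE"),
    ev("SRV1", 4624, "bob", "WS-BOB"),
    ev("SRV1", 4688, r"C:\Windows\System32\svchost.exe"),
    ev("SRV1", 4688, r"C:\Windows\explorer.exe"),
]

# Constructed live events to evaluate against the baseline.
LIVE = [
    ev("SRV1", 4624, "alice", "WS-ALICE"),                    # normal
    ev("SRV1", 4624, "alice", "WS-UNKNOWN"),                  # new workstation for alice
    ev("SRV1", 4688, r"C:\Windows\System32\svchost.exe"),     # normal on SRV1
    ev("SRV2", 4688, r"C:\Windows\System32\svchost.exe"),     # never seen on SRV2
    ev("SRV1", 4688, r"C:\Users\alice\Downloads\setup.exe"),  # new executable on SRV1
    ev("SRV1", 4688, r"C:\Users\alice\Downloads\setup.exe"),  # repeat: already reported
]


def run_example():
    """Learn from BASELINE, then return every alert raised by LIVE, in order."""
    detector = AnomalyDetector(RULES)
    detector.learn(BASELINE)
    alerts = []
    for event in LIVE:
        alerts.extend(detector.detect(event))
    return alerts


if __name__ == "__main__":
    for name, key in run_example():
        print(f"{name}: {key}")
```

The learning step is the part that matters in practice: without a baseline every key is "new", so the filter floods the console on day one. Keying the process rule on the host as well as the executable is what lets the same `svchost.exe` be normal on SRV1 and anomalous on SRV2.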

Improved database management

The underlying platform of EventSentry has seen developments that enhance how administrators can carry out database maintenance. For instance, administrators can now plan database maintenance tasks directly from the web reports without the need to write any custom scripts.

Automated database maintenance with EventSentry 5.1

There are also enhanced database insight reports so admins can view database health and usage trends that are helpful in proactive database maintenance.

EventSentry 5.1 introduces multi-database support, allowing users to store data in multiple databases simultaneously, which is particularly useful for MSPs or users with differing retention requirements. ADMonitor data can now also be integrated through the collector, which benefits MSPs and users with decentralized setups.

EventSentry ADMonitor

Better package updates

Lifecycle management has been improved in EventSentry 5.1. Admins can now use the same update engine used by the validation scripts for more frequent, faster, and more granular updates, and filter rules in JSON format can be applied directly to the management console to react more quickly to new threats.

Scheduled package updates in EventSentry 5.1

NTFS permissions inventory

The permissions inventory feature is a nice addition to the EventSentry 5.1 release. If you have a directory tree with thousands of subfolders, manually looking at folder properties to audit permissions can be tedious. EventSentry 5.1 automates this process.

Using the new permissions inventory, you can see whether a user has access to specific files and folders, along with the user's access level. The inventory runs periodically at user-defined intervals to refresh the recorded file permissions.

NTFS permissions inventory in EventSentry 5.1
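
The hard part of any permissions inventory is turning a folder's ACL into an answer to "does this user have access, and at what level". The following added example in Python (not EventSentry's own code) models that computation: ACEs are evaluated in canonical order (explicit deny, explicit allow, inherited deny, inherited allow), a deny that covers any still-unresolved requested right rejects the request, and allows accumulate until every requested right is granted. The domain, groups, users, share path and ACL are constructed for the example, and rights are simplified to four named permissions rather than the full NTFS access mask:

```python
"""Added example (not EventSentry's own code): evaluating effective NTFS-style
access from an ACL, the computation a permissions inventory performs for every
folder and principal. Principals, paths and ACLs below are constructed.
"""
from dataclasses import dataclass

ALL_RIGHTS = frozenset({"read", "write", "execute", "delete"})


@dataclass(frozen=True)
class Ace:
    principal: str           # user or group the entry applies to
    allow: bool              # True = access-allowed, False = access-denied
    rights: frozenset        # subset of ALL_RIGHTS
    inherited: bool = False  # inherited from the parent folder


def canonical_order(acl):
    """Sort ACEs the way Windows expects them: explicit before inherited,
    deny before allow within each group."""
    return sorted(acl, key=lambda a: (a.inherited, a.allow))


def has_access(acl, token, requested):
    """Return True if a token (the user's own name plus group names) is
    granted every right in `requested` by the ACL."""
    remaining = set(requested)
    for ace in canonical_order(acl):
        if ace.principal not in token:
            continue
        if not ace.allow:
            if ace.rights & remaining:  # deny hits an unresolved right
                return False
            continue
        remaining -= ace.rights
        if not remaining:
            return True
    return not remaining


def effective_rights(acl, token):
    """The access level to report: every individual right the token holds."""
    return frozenset(r for r in ALL_RIGHTS if has_access(acl, token, {r}))


def inventory(acls_by_path, tokens_by_user):
    """Permissions inventory: user -> path -> sorted effective rights
    (paths where the user has no access at all are omitted)."""
    report = {}
    for user, token in tokens_by_user.items():
        report[user] = {}
        for path, acl in acls_by_path.items():
            rights = effective_rights(acl, token)
            if rights:
                report[user][path] = sorted(rights)
    return report


# Constructed ACL for a share folder.
REPORTS_ACL = [
    Ace(r"DOMAIN\Domain Users", True, frozenset({"read", "execute"}), inherited=True),
    Ace(r"DOMAIN\Administrators", True, ALL_RIGHTS, inherited=True),
    Ace(r"DOMAIN\Finance", True, ALL_RIGHTS),
    Ace(r"DOMAIN\Contractors", False, frozenset({"write", "delete"})),
]

# Constructed tokens: each user's own name plus group memberships.
TOKENS = {
    "alice": {r"DOMAIN\alice", r"DOMAIN\Domain Users", r"DOMAIN\Finance"},
    "carol": {r"DOMAIN\carol", r"DOMAIN\Domain Users", r"DOMAIN\Finance",
              r"DOMAIN\Contractors"},
    "dave": {r"DOMAIN\dave", r"DOMAIN\Domain Users"},
    "eve": {r"DOMAIN\eve"},
}

ACLS = {r"\\FS1\Finance\Reports": REPORTS_ACL}


if __name__ == "__main__":
    for user, paths in inventory(ACLS, TOKENS).items():
        print(user, paths or "no access")
```

Carol is the case worth noticing: she is a member of Finance, which is allowed full control, but the explicit deny on Contractors is evaluated first, so the inventory reports her as read and execute only. An audit that only lists the groups a user belongs to would get this wrong.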

New compliance dashboards

EventSentry 5.1 includes new CMMC v2 and TISAX reports and dashboards that show the environment's compliance posture in a single interface.

Compliance reports in EventSentry 5.1

Below, the new compliance dashboards in EventSentry 5.1 show visual compliance alerts across the monitored environment at a glance, with the option to drill down to individual reports.

New compliance dashboards in EventSentry 5.1

EventSentry network tools

The EventSentry utility resides in the system tray as a component of the EventSentry agent deployed on monitored endpoints and offers a number of helpful features. Once configured, it displays information such as:

  • Hostname
  • The version of the EventSentry agent
  • System information of the host running EventSentry agent
  • CPU, process, memory, network, and disk space usage
  • The top three processes by CPU and memory consumption
  • The IP address of the host
  • Reboot required status
  • Speed of the network connection

It also provides Internet connectivity tests and download speed tests.

EventSentry agent utility

Using the Internet connectivity test, you can check the status of your Internet connection, including DNS, gateway, packet loss, latency, external IP, external hostname, and WiFi SSID if using wireless.

Internet connectivity test

Improved user experience

Netikus has introduced several usability improvements in EventSentry 5.1. These include:

  • Insertion strings in filters now display the string's name rather than just its number, making it easier to create complex filters.
  • The Save Configuration prompt has been optimized in version 5.1 to appear only when there are configuration changes that actually need to be saved.
  • Collector users can now view collector health from within the management console instead of having to access web reports.

Below, the collector status page shows useful information such as version, remote port, throughput, and last-seen status.
