EventSentry

Complete Tool for basic and for professional setup

Kommentare: First days of you I felt a little lost, then I use the help center and the videos that the company has and start working with it perfectly. They have an AWESOME customer care. They will reply your questions at their forum real quick.

Vorteile:

I used this tool for almost 2 years now. Its great for both, for the lazy sysadmin that want to do some clicks and have a monitor tools working and for the one (like me) that want to monitor almost everything even things that are not normal or out of any standard list. Great tool for small/medium ar super big windows and ad networks.

Nachteile:

I would love a little more support for monitoring linux severs, despite it already has a lot of monitoring for common distros like pfsense

Excellent Affordable SIEM product

Kommentare: Installing is very easy indeed from scratch, deploying the monitor to our endpoints again was done in a few clicks, select your computer group ( linked to AD) click deploy agent and go and thats it ! as with every system it takes a bit of getting used to how to exclude or include log filters and filter the notifications ( which were very easy to setup - outgoing smtp) down to alerting you to only important things playing with the settings and netsentry's help area and videos has got me doing things like detecting large amounts of file changes on a file server as possible ransomware and cutting the file shares i'm actually looking forward to seeing what else i can automate

Vorteile:

Eventsentry is a great bit of software that covers us for our PCI DSS log retention as well as giving us an excellent insight into our network through netflow and anomaly alerting. We have our web reports screen up pretty much every day looking at network and endpoint trends And selling to smaller business this is one SIEM solution they can actually realistically afford

Nachteile:

Not found one just yet, I have fed back an alerting mechanism on netflow to ID traffic spikes would be handy

In Betracht gezogene Alternativen: Elastic Stack, Graylog und Splunk Enterprise

Gründe für den Wechsel zu EventSentry: Initially, cost! Small businesses we work with, given a choice of mitigation/acceptance of risk, would just choose acceptance when offered a £2500 a month solution, and limited log retention. Once we started testing we realised despite being very affordable eventsentry was incredibly effective and feature rich, so beat all alternatives in our view.

"BEst Tool for essential and for proficient arrangement"

Kommentare: I utilized this apparatus for right around 2 years now. Its extraordinary for both, for the lethargic sysadmin that need to do a few ticks and have a screen devices working and for the one (like me) that need to screen nearly everything even things that are not typical or out of any standard rundown. Extraordinary device for little/medium ar very huge windows and promotion organizations.

Vorteile:

I utilize the assistance community and the recordings that the organization has and begin working with it impeccably. They have AWESOME client care. They will answer your inquiries at their gathering genuine fast. BEST

Nachteile:

I would cherish somewhat more help for observing linux cuts off, regardless of it as of now has a ton of checking for normal distros like pfsense

Great Customer Support!

Kommentare: EventSentry is used here to collate event logs, spot errors and trends in our network and security issues that need to be re-mediated. we've found it to be very useful in root cause analysis and troubleshooting network issues. the support staff are amazing and cannot be recommended enough!

Vorteile:

The software itself is very granular and provides numerous customization and optimization options, the limits are endless!

Nachteile:

the only drawback is a big learning curve but this is mainly due to the level of technical capabilities the software has, this is also not a big issue as their support staff are some of the most knowledgeable i have ever personally experienced.

In Betracht gezogene Alternativen: Weeztix und PRTG

Gründe für den Wechsel zu EventSentry: better granularity and an easier setup and administration of the product.

After one year of product use: Excellent product and great support

Kommentare: The company our IT department is working for, is a small to mid size company (~550 users).
Our team consists of two system engineers, which makes it challenging to always keep track of changes and events on our Windows servers. We invested some time in searching for a suitable SIEM product for Microsoft Windows eventlog consolidation and event notification.
After we found other solutions to be either overkill/pushy or overpriced, we decided to evaluate EventSentry. The installation was straight forward and intuitive.
It came with several pre-configured Windows event log packages to filter out unrelevant event log noise and to give you a quick clue about how the system works: Define...
..which event log / source to monitor
..the IDs you are interested in
..actions to take if the event occurs Besides this important process of constantly monitoring the Windows event logs of all our Windows servers we soon found out that theres more for us:
- Monitor changes to important system files and directories
- Monitor MS Active Directory
- Monitor software installation and changes
- Consolidate custom log files like for Microsoft Exchange
- and so much more To be honest, it took some time and testing until we had EventSentry configured to track all the relevant edges of our infrastructure.
But during that time it was always a pleasure to work with the not-buggy and intuitive GUI. Also, we learned to love the Webinterface (WebReports) which displays all kind of status information and lets us search and filter through all the event logs and software products we use. After 2-3 months EventSentry totally became a part of our daily work life, running stable and reliable.
This product is a valuable addition for our security roadmap, as it gives us the possibility to verify its effectiveness and automate counter measures. And theres still a lot to discover and utilize (we currently only monitor Microsoft Windows systems). Notable is also the customer support and documentation. Communication was always easy and directly.
A bug I reported was quickly fixed and even a feature request I sent in has been implemented within a very short time. The documentation is comprehensive and useful. Trialing the software was easy and seamlessly without notable impact on our servers, so you should defenetly give this a try!

Vorteile:

The flexibility and range of use

Nachteile:

Nothing notable so far