GFI EventsManager in a Nutshell

Written by: Kellie Swensen

GFI offers multiple software products to help businesses protect themselves, and one of them is GFI EventsManager. GFI EventsManager enables you to monitor security-relevant policies, mechanisms, applications, and activity to identify security incidents. It offers wide support for log sources, compliance reporting, a simple interface, granular control of log data, safe storage of log data, reactivity and remediation capabilities, log processing rules and scanning profiles, support for highly distributed environments, and a unique combination of active checks and debug log collection.

GFI EventsManager collects or listens to logs generated by Windows or other network devices and filters that data according to rules set by the client, so that it is stored in the most effective manner. GFI EventsManager portrays what is happening in the system. It simplifies this by centralizing all logs in a user-friendly place where you can view and report on them.

One example of what GFI EventsManager can help with: an employee in a client's environment fails their password attempt three times, which is the default Windows limit before the account is locked. Both the failed attempts and the lockout can create Windows events. Rather than waiting for the employee to report that they are locked out, an admin with a SIEM that centralizes the logs, such as GFI EventsManager, can be alerted and take action before being told that the problem exists. The data is also logged with a date and time stamp and the identity of the person, so if the problem continues the admin can run a report showing that employee's track record. This is only one of many examples of what GFI EventsManager can help with.
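The lockout scenario above can be expressed as a small correlation rule. The following is an added example, not GFI EventsManager code or output: it assumes the Windows Security event IDs 4625 (failed logon) and 4740 (account locked out), uses constructed sample records, and the function names, the 30-minute window and the threshold of three are illustrative choices taken from the scenario.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Windows Security log event IDs (the article itself does not name them).
FAILED_LOGON, ACCOUNT_LOCKED = 4625, 4740

# Constructed sample records: (timestamp, event ID, account, reporting host).
SAMPLE_EVENTS = [
    ("2024-03-04 08:58:10", 4625, "jdoe", "WS-014"),
    ("2024-03-04 08:58:31", 4625, "jdoe", "WS-014"),
    ("2024-03-04 08:59:02", 4625, "asmith", "WS-022"),
    ("2024-03-04 08:59:05", 4625, "jdoe", "WS-014"),
    ("2024-03-04 08:59:06", 4740, "jdoe", "DC-01"),
    ("2024-03-04 13:15:40", 4625, "asmith", "WS-022"),
]

def lockout_alerts(events, threshold=3, window=timedelta(minutes=30)):
    """Alert when an account reaches `threshold` failures inside `window`,
    and again when the lockout event itself arrives."""
    recent = defaultdict(list)  # account -> failure timestamps still in window
    alerts = []
    for ts_text, event_id, account, host in sorted(events):
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        # Forget failures that have aged out of the correlation window.
        recent[account] = [t for t in recent[account] if ts - t <= window]
        if event_id == FAILED_LOGON:
            recent[account].append(ts)
            if len(recent[account]) == threshold:
                alerts.append({"time": ts_text, "account": account, "host": host,
                               "kind": "threshold", "failures": threshold})
        elif event_id == ACCOUNT_LOCKED:
            alerts.append({"time": ts_text, "account": account, "host": host,
                           "kind": "lockout", "failures": len(recent[account])})
            recent[account].clear()  # start counting afresh after a lockout
    return alerts

def track_record(alerts):
    """Per-account lockout count, the basis for a 'repeat offender' report."""
    return dict(Counter(a["account"] for a in alerts if a["kind"] == "lockout"))

if __name__ == "__main__":
    found = lockout_alerts(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print(track_record(found))
```

The isolated failures for the second account never trigger an alert because they fall outside a single window, which is the filtering a centralized rule provides over reading raw events.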

GFI EventsManager not only collects and listens to logs but also has active monitoring checks that can be set up to run on a schedule and alert the admin to certain issues or situations that arise in the network. A few examples are disk space, file existence, LDAP query, process running, users and group members, and CPU usage. Each check can be set to alert the client if it does not pass the criteria it was configured with. For example, the CPU usage check can alert the client once usage reaches a certain level, which can help prevent a critical server from going down. The checks listed above are only a few of the choices available to the admin in GFI EventsManager.

GFI EventsManager is quite simple to understand, but the power the product gives an admin is so much more. The ability not only to collect and listen for Windows event logs, syslogs, SNMP traps, SQL audit logs, Oracle logs, and text logs, but also to centralize those logs and run reports that can greatly benefit the business, is fantastic. The addition of the active monitoring checks makes this product a real powerhouse for any admin. Being able to pre-empt a potential problem before it becomes detrimental to an environment makes GFI EventsManager a no-brainer purchase for any business.
