ManageEngine EventLog Analyzer v8.6
April 01, 2014
Starting at $795 (includes annual maintenance and support, plus upgrades).
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Documentation and ease of installation.
- Weaknesses: Behind the initial dashboard, large data blocks were hard to read.
- Verdict: This is a good entry-level SIEM.
The ManageEngine EventLog Analyzer has most of the features you would expect in a SIEM, and supports more than 700 devices from 30-plus vendors. The product has an icon-based graphical dashboard from which most features are reached. There is a useful set of predefined reports addressing various compliance demands (such as PCI DSS, FISMA, SOX, ISO 27001 and HIPAA), user activity reports, privileged user monitoring and auditing (PUMA), failed logons, object access and more. The custom report builder allows users to build their own reports based on user-defined criteria.
EventLog Analyzer retains log data generated by network systems, devices and applications in a centralized repository. It encrypts the stored log data so that it remains protected for forensic analysis and compliance audits, and the archived data is hashed and time-stamped to provide evidence that the logs have not been tampered with. EventLog Analyzer collects log data from agent-based and agentless sources (typically syslog or WMI). By default, the tool uses a PostgreSQL database; users can choose other databases, such as MySQL or Microsoft SQL Server, depending on their needs. The system also enables log import from a local or remote host over HTTP/HTTPS and FTP. The Universal Log Parsing and Indexing (ULPI) technology enables the import of logs irrespective of data source. The Real-Time Event Response function sends instant alerts via email or SMS, or triggers a remediation script, based on correlation rules, and the system also offers an option to build custom alerts. Normalized log data is consumed by the Report Builder, the Integrated Compliance Management System and the Real-Time Event Response system, which triggers the alerts.
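The two mechanisms described above, normalizing raw syslog into events that a correlation rule can act on, and hashing plus time-stamping an archive so tampering is detectable, are easy to misjudge without seeing them work. The following is an added example written for this review, not code from ManageEngine or from the product; the sshd log lines, the threshold and window, the sealing key and the `run_demo` helper are all constructed for illustration, and the seal format is a simplified stand-in for whatever scheme the product actually uses (not documented here).

```python
import hashlib
import hmac
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample syslog lines (not real traffic): a password-guessing burst
# from one source, one successful logon, and a lone failure from elsewhere.
SAMPLE_LOGS = [
    "Apr  1 10:00:01 web01 sshd[2210]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "Apr  1 10:00:03 web01 sshd[2211]: Failed password for admin from 203.0.113.5 port 51235 ssh2",
    "Apr  1 10:00:04 web01 sshd[2212]: Accepted password for deploy from 198.51.100.7 port 40000 ssh2",
    "Apr  1 10:00:06 web01 sshd[2213]: Failed password for root from 203.0.113.5 port 51236 ssh2",
    "Apr  1 10:00:09 web01 sshd[2214]: Failed password for invalid user test from 203.0.113.5 port 51237 ssh2",
    "Apr  1 10:00:12 web01 sshd[2215]: Failed password for root from 203.0.113.5 port 51238 ssh2",
    "Apr  1 10:05:00 web01 sshd[2216]: Failed password for root from 192.0.2.9 port 60001 ssh2",
]

# BSD syslog header: timestamp (no year), host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w\-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
AUTH_RE = re.compile(
    r"^(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port (?P<port>\d+)"
)


def normalize(line, year=2014):
    """Normalization: turn one raw syslog line into a flat event dict, or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    event = {"ts": ts.replace(tzinfo=timezone.utc), "host": m["host"], "prog": m["prog"], "msg": m["msg"]}
    a = AUTH_RE.match(m["msg"])
    if a:
        event.update(result=a["result"], user=a["user"], src=a["src"])
    return event


def failed_logon_alerts(events, threshold=4, window_s=60):
    """Correlation rule: at least `threshold` failed logons from one source within `window_s` seconds.
    Returns a list of (source_ip, failure_count) tuples, one per offending source."""
    by_src = defaultdict(list)
    for e in events:
        if e and e.get("result") == "Failed":
            by_src[e["src"]].append(e["ts"])
    alerts = []
    for src, times in by_src.items():
        times.sort()
        for i in range(len(times)):            # slide a window starting at each failure
            j = i
            while j + 1 < len(times) and (times[j + 1] - times[i]).total_seconds() <= window_s:
                j += 1
            if j - i + 1 >= threshold:
                alerts.append((src, j - i + 1))
                break                           # one alert per source is enough
    return alerts


def seal_archive(lines, key, sealed_at=None):
    """Tamper evidence: hash the archived block, then MAC the (hash, timestamp) pair.
    The key must live outside the log host; anyone holding it could re-seal an edited archive."""
    digest = hashlib.sha256("\n".join(lines).encode()).hexdigest()
    stamp = (sealed_at or datetime.now(timezone.utc)).isoformat()
    tag = hmac.new(key, f"{digest}|{stamp}".encode(), hashlib.sha256).hexdigest()
    return {"sha256": digest, "sealed_at": stamp, "hmac": tag}


def verify_archive(lines, key, seal):
    """Recompute the hash over the archive as found and check it against the sealed MAC."""
    digest = hashlib.sha256("\n".join(lines).encode()).hexdigest()
    expected = hmac.new(key, f"{digest}|{seal['sealed_at']}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, seal["hmac"])


def run_demo():
    """Run the rule over the sample, seal the archive, then delete one line and re-verify."""
    events = [normalize(l) for l in SAMPLE_LOGS]
    key = b"constructed-demo-key"               # hypothetical; a real deployment uses an HSM or KMS
    seal = seal_archive(SAMPLE_LOGS, key)
    tampered = SAMPLE_LOGS[:1] + SAMPLE_LOGS[2:]   # attacker drops the second failed logon
    return {
        "alerts": failed_logon_alerts(events),
        "intact": verify_archive(SAMPLE_LOGS, key, seal),
        "tampered": verify_archive(tampered, key, seal),
    }


if __name__ == "__main__":
    print(run_demo())
```

Run as-is, the rule fires once for 203.0.113.5 (five failures in eleven seconds) and stays quiet for the single failure from 192.0.2.9; the intact archive verifies and the edited one does not. The point worth checking in any SIEM evaluation is the last one: a hash alone proves nothing if the same host that stores the logs can also rewrite the hash, so ask where the product keeps the signing key or whether it uses an external time-stamping authority.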
Installation and configuration documents and the installation software came on a CD. The installation was easy, taking less than 30 minutes to get the system up and running. The company's website provided a great set of additional resources for using the tool. EventLog Analyzer can be installed on 32-bit or 64-bit Windows and Linux systems, physical or under VMware, with minimal prerequisites. It should be installed on a dedicated PC or server: the software can be resource intensive, and a busy processor may cause problems while collecting event logs. However, once the system was running, it was easy to work with almost all of the functions and features.
The support costs were not clearly defined. Basic no-cost support is offered to evaluators who need technical assistance during their product evaluation. Email, telephone and web-based support are available during local business hours.
There are four support levels. The initial level handles basic customer issues. A more in-depth technical level provides support engineers. A higher level handles the most difficult or advanced problems and includes on-site assistance by a technician. At the top level, a product manager steps in and gets the problem solved.
Without knowing the various support costs for the product, it is difficult to determine the full value. However, based on just the cost of the product itself, this is a good value for companies looking for an entry-level SIEM.