ManageEngine EventLog Analyzer v8.6
April 01, 2014
Starting at $795 (includes annual maintenance and support, plus upgrades).
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Documentation and ease of installation.
- Weaknesses: Behind the initial dashboard, large data blocks were hard to read.
- Verdict: This is a good entry-level SIEM.
The ManageEngine EventLog Analyzer has most of the features you would expect in a SIEM, and supports more than 700 devices from 30-plus vendors. The product has an icon-base graphic dashboard that accesses most features. There is a useful set of predefined reports addressing various compliance demands (such as PCI-DSS, FISMA, SOX, ISO 27001 and HIPAA), user activity reports, privileged user monitoring and auditing (PUMA), failed logons, object access and more. The custom report builder allows users to build their own reports based on user-defined criteria.
EventLog Analyzer retains log data generated by network systems, devices and applications in a centralized repository. It encrypts the log data to ensure data is secured for forensic analysis and compliance audits. The archived data is hashed and time-stamped to show evidence that the logs have not been tampered with. EventLog Analyzer collects log data from agent and agentless data sources (typically from syslog or WMI sources). By default, the tool uses a PostgreSQL database (users can choose other databases, such as My SQL or MS SQL depending on the needs). The system also enables log import from a local/remote host through HTTP/HTTPS and FTP. The Universal Log Parsing and Indexing (ULPI) technology enables the import of logs irrespective of data source. The Real-Time Event Response function sends out instant alerts via email, SMS or triggers remediation script based on correlation rules. The system provides facilities an option to build custom alerts. Normalized log data is accessed by the Report Builder, Integrated Compliance Management System and Real-Time Event Response system to trigger alerts.
Installation and configuration documents and installation software came on a CD. The installation was easy, taking less than 30 minutes to get the system up and running. The company's website provided a great set of additional resources for using the tool. EventLog Analyzer can be installed using 32-bit/64-bit VMware, Windows and Linux environment with minimal prerequisites/technical specifications. Its installation should be on a dedicated PC or server. The software can be resource intensive and a busy processor may cause problems while collecting event logs. However, once the system was running, it was easy to work with almost all of the functions and features.
The support costs were not clearly defined. Basic no-cost support is offered to evaluators who need technical support during their product evaluation. Email, telephone and web-based support is available during local business hours.
There are four support levels. The initial level handles basic customer issues. A more in-depth technical level offers up support engineers. A higher level handles the most difficult or advanced problems and includes on-site aid by a technician. At the top level, a product manager steps in and gets the problem solved.
Without knowing the various support costs for the product, it is difficult to determine the full value. However, based on just the cost of the product itself, this is a good value for companies looking for an entry-level SIEM.
Sign up to our newsletters
SC Magazine Articles
- Website observed serving 83 executable files, more than 50 percent malware
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- TeslaCrypt used to extort over $76K in recent months
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- FTC gives thumbs up to companies that cooperate during breach probes
- Researchers publish developer guidance for medical device security
- Senate gears up for Saturday USA Freedom Act vote; House breaks for recess
- Researchers observe SVG files being used to distribute ransomware
- Federal prosecutors charge Chinese nationals with trade secret theft