ManageEngine EventLog Analyzer v8.6
April 01, 2014
Starting at $795 (includes annual maintenance and support, plus upgrades).
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Documentation and ease of installation.
- Weaknesses: Behind the initial dashboard, large data blocks were hard to read.
- Verdict: This is a good entry-level SIEM.
The ManageEngine EventLog Analyzer has most of the features you would expect in a SIEM, and supports more than 700 devices from 30-plus vendors. The product has an icon-base graphic dashboard that accesses most features. There is a useful set of predefined reports addressing various compliance demands (such as PCI-DSS, FISMA, SOX, ISO 27001 and HIPAA), user activity reports, privileged user monitoring and auditing (PUMA), failed logons, object access and more. The custom report builder allows users to build their own reports based on user-defined criteria.
EventLog Analyzer retains log data generated by network systems, devices and applications in a centralized repository. It encrypts the log data to ensure data is secured for forensic analysis and compliance audits. The archived data is hashed and time-stamped to show evidence that the logs have not been tampered with. EventLog Analyzer collects log data from agent and agentless data sources (typically from syslog or WMI sources). By default, the tool uses a PostgreSQL database (users can choose other databases, such as My SQL or MS SQL depending on the needs). The system also enables log import from a local/remote host through HTTP/HTTPS and FTP. The Universal Log Parsing and Indexing (ULPI) technology enables the import of logs irrespective of data source. The Real-Time Event Response function sends out instant alerts via email, SMS or triggers remediation script based on correlation rules. The system provides facilities an option to build custom alerts. Normalized log data is accessed by the Report Builder, Integrated Compliance Management System and Real-Time Event Response system to trigger alerts.
Installation and configuration documents and installation software came on a CD. The installation was easy, taking less than 30 minutes to get the system up and running. The company's website provided a great set of additional resources for using the tool. EventLog Analyzer can be installed using 32-bit/64-bit VMware, Windows and Linux environment with minimal prerequisites/technical specifications. Its installation should be on a dedicated PC or server. The software can be resource intensive and a busy processor may cause problems while collecting event logs. However, once the system was running, it was easy to work with almost all of the functions and features.
The support costs were not clearly defined. Basic no-cost support is offered to evaluators who need technical support during their product evaluation. Email, telephone and web-based support is available during local business hours.
There are four support levels. The initial level handles basic customer issues. A more in-depth technical level offers up support engineers. A higher level handles the most difficult or advanced problems and includes on-site aid by a technician. At the top level, a product manager steps in and gets the problem solved.
Without knowing the various support costs for the product, it is difficult to determine the full value. However, based on just the cost of the product itself, this is a good value for companies looking for an entry-level SIEM.
Sign up to our newsletters
SC Magazine Articles
- RSA: Cyber-security industry is "fundamentally broken", says Amit Yoran
- DOD contractors pay $13 million fine for hiring Russian programmers
- Top Priority: Federal Government must get cybersecurity right
- Cyber and real war come together in the Ukraine
- Version 4.0 of ransomware Cryptowall released, now encrypts file names