Prism Microsystems EventTracker
Strengths: Feature-rich SIEM that does not require a database license, allowing for scalability.
Weaknesses: Extensive feature depth, while a good thing, will take some time to become accustomed to. Not designed specifically for forensic use.
Verdict: Solid product with solid features, and has good value for the money as well.
Summary: EventTracker is a robust security information and event log management (SIEM) tool with a large set of useful features. It tracks events extensively and can report on them. Prism Microsystems has successfully built real-time analysis into a single product, which sets it apart from other SIEM tools. EventTracker compresses stored log data and protects it with SHA1 hashing. Although it is not explicitly a forensic tool, EventTracker has a great deal of functionality that is extremely useful in a network forensic environment.
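The summary notes that EventTracker compresses stored log data and protects it with SHA1. The following is an added example, not EventTracker's own code, of the general pattern behind that feature: compress a batch of log lines, record a digest of the archive in a separate manifest, and later verify that the archive on disk still matches. The log lines and file names are constructed for the demonstration. SHA-1 is used to match what the page describes; the `algo` parameter is an assumption of this example and a new design would pass `"sha256"`.

```python
import gzip
import hashlib
import hmac
import json
import os
import tempfile

# Constructed sample log lines for the demonstration (not real EventTracker output).
SAMPLE_LOGS = [
    "2024-01-05T10:00:01Z host1 sshd[1201]: Accepted publickey for alice from 10.0.0.5",
    "2024-01-05T10:00:07Z host1 sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl restart nginx",
    "2024-01-05T10:01:13Z host2 kernel: nf_conntrack: table full, dropping packet",
]


def archive_logs(lines, archive_path, manifest_path, algo="sha1"):
    """Compress log lines into a gzip archive and record a digest of the compressed bytes.

    The digest goes into a separate manifest file so the archive can be checked later.
    Returns the hex digest.
    """
    data = ("\n".join(lines) + "\n").encode("utf-8")
    compressed = gzip.compress(data, mtime=0)  # fixed mtime keeps the output deterministic
    digest = hashlib.new(algo, compressed).hexdigest()
    with open(archive_path, "wb") as f:
        f.write(compressed)
    manifest = {
        "file": os.path.basename(archive_path),
        "algorithm": algo,
        "digest": digest,
        "lines": len(lines),
    }
    with open(manifest_path, "w", encoding="utf-8") as f:
        json.dump(manifest, f)
    return digest


def verify_archive(archive_path, manifest_path):
    """Return (ok, reason). ok is True only when the archive matches its manifest."""
    with open(manifest_path, encoding="utf-8") as f:
        manifest = json.load(f)
    with open(archive_path, "rb") as f:
        compressed = f.read()
    actual = hashlib.new(manifest["algorithm"], compressed).hexdigest()
    # Constant-time comparison avoids leaking how many leading hex digits matched.
    if not hmac.compare_digest(actual, manifest["digest"]):
        return False, "digest mismatch"
    try:
        text = gzip.decompress(compressed).decode("utf-8")
    except (OSError, UnicodeDecodeError) as exc:
        return False, f"corrupt archive: {exc}"
    count = len(text.splitlines())
    if count != manifest["lines"]:
        return False, f"line count {count} != manifest {manifest['lines']}"
    return True, "ok"


def demo():
    """Archive the sample logs, verify them, then rewrite one entry and verify again.

    Returns (digest, ok_before_tamper, ok_after_tamper, reason_after_tamper).
    """
    with tempfile.TemporaryDirectory() as tmp:
        archive = os.path.join(tmp, "logs-2024-01-05.gz")
        manifest = os.path.join(tmp, "logs-2024-01-05.manifest.json")
        digest = archive_logs(SAMPLE_LOGS, archive, manifest)
        ok_before, _ = verify_archive(archive, manifest)

        # Simulate someone rewriting the archive to remove the sudo entry and
        # re-compressing it without access to the manifest.
        edited = [line for line in SAMPLE_LOGS if "sudo" not in line]
        with open(archive, "wb") as f:
            f.write(gzip.compress(("\n".join(edited) + "\n").encode("utf-8"), mtime=0))
        ok_after, reason = verify_archive(archive, manifest)
        return digest, ok_before, ok_after, reason


if __name__ == "__main__":
    print(demo())
```

The check only has value if the manifest is kept somewhere the archive's writer cannot silently update, for example on a separate host or signed with a key the collector does not hold; otherwise whoever rewrites the archive can simply recompute the digest.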
The setup for this product was straightforward. Post-installation it was merely a matter of configuring the agents and pushing them to systems on the network. This appliance has a substantial number of pre-defined rules allowing for minimal configuration for the user. EventTracker has an easy-to-navigate control panel where all available features are accessible. While EventTracker provides a number of useful features, it will take some getting used to.
The tool has many capabilities that make it an excellent performer. This appliance can monitor and manage events from Windows, syslog and syslog-ng, Solaris BSM, z/OS, SNMP, and flat-file logs. Generating reports on selectable criteria is both easy and effective.
Documentation is solid. There are multiple guides which cover a variety of topics.
Prism Microsystems has an in-depth support system that features a FAQ page, online help page, extensive product documentation and feature usage. In addition, the company provides a series of video-based training tutorials. The training tutorials help users to further their proficiency with the product. They offer email and phone support, and after-hours support requests via email will be responded to with an on-call engineer.
With the first year of maintenance/support included in the license fee and a typical 50-server setup costing $19,995, the price is not unreasonable. EventTracker is loaded with useful features, but it takes some getting used to. Once you are familiar with the product, however, we see it as an excellent forensics and incident analysis tool.