
Prism Microsystems EventTracker

EventTracker is a robust security information and event log management (SIEM) tool that has a lot of useful features. This software has extensive event tracking with the ability to report these events. Prism Microsystems has successfully incorporated real-time analysis into one product that sets itself apart from other SIEM tools. EventTracker stores and compresses log data in a secure (SHA1) format. EventTracker, although not explicitly a forensic tool, has a lot of functionality that is extremely useful in a network forensic environment.

The setup for this product was straightforward. Post-installation it was merely a matter of configuring the agents and pushing them to systems on the network. This appliance has a substantial number of pre-defined rules allowing for minimal configuration for the user. EventTracker has an easy-to-navigate control panel where all available features are accessible. While EventTracker provides a number of useful features, it will take some getting used to.

The tool has many abilities that prove it to be an excellent performer. This appliance can monitor and manage events from Windows, syslog and syslog-ng, Solaris BSM, z/OS, SNMP, and flat file logs. Generating reports based on selectable criteria is both an easy and effective performance feature.

Documentation is solid. There are multiple guides which cover a variety of topics.

Prism Microsystems has an in-depth support system that features a FAQ page, online help page, extensive product documentation and feature usage. In addition, the company provides a series of video-based training tutorials. The training tutorials help users to further their proficiency with the product. The company offers email and phone support, and after-hours support requests sent via email are answered by an on-call engineer.

With the first year of maintenance/support included in the license fee and a typical 50-server setup costing $19,995, the price is not unreasonable. EventTracker is loaded with useful features, but will require some getting accustomed to. However, once you are familiar with the product, we see this as an excellent forensics and incident analysis tool.
Product title
Prism Microsystems EventTracker
Product info
Name: EventTracker
Description:
Price: typical 50 server setup: $19,995
Strength
Feature-rich SIEM that does not require a database license, allowing for scalability.
Weakness
Extensive feature depth, while a good thing, will take some time to become accustomed to. Not designed specifically for forensic use.
Verdict
Solid product with solid features, and has good value for the money as well.
