InTrust

Gain IT Insight with on-the-fly data investigations

Securely collect, store, and receive event data from Windows, Unix and Linux system.

InTrust enables you to securely collect, store, search and analyze massive amounts of IT data from numerous data sources, systems and devices in one place. Get real-time insights into user activity for security, compliance and operational visibility. With one view know what resources users have access to, how that access was obtained and how it was used.

With InTrust you can:

  • Reduce the complexity of searching, analyzing and maintaining critical IT data scattered across information silos
  • Speed security investigations and compliance audits with complete real-time visibility of your privileged users and machine data in one searchable place
  • troubleshoot widespread issues should an incident occur
  • Save on storage costs and adhere to compliance event log requirements (HIPAA, SOX, PCI, FISMA, etc.) with a highly compressed and indexed online long-term event log repository

Features

  • Improved insights with IT Search – Correlate disparate IT data from numerous systems and devices into an interactive search engine for real-time search and analysis. Include user entitlements and activity, event trends, suspicious patterns and more with rich visualizations and event timelines.
  • On-the-spot security and compliance view – Pass audits, review security incidents and reveal any malicious insider activity in less time and with more confidence. One view quickly answers tough questions including what resources users have access to, how that access was obtained and how it was used afterwards.
  • Dynamic investigation paths – Start investigations into users, groups, shares, files or events and quickly pivot into other views as new details emerge for a more complete investigation.
  • Real-time log collection and analysis – Automate, secure and scale the collection of event logs across servers, network devices and workstations with immediate availability for analysis, security and compliance reporting.
  • Automated best practice reporting – Easily convert investigations into multiple report formats. Schedule reports and automate distribution across teams or choose from a vast library of pre-defined best practice reports with built in event log expertise.
  • Tamper-proof logs – Enables you to create a cached location on each remote server where logs can be duplicated as they are created, preventing a rogue user or administrator from tampering with the audit log evidence.
  • Indexed repository – Archive and conduct full-text search on long-term event log data for compliance and security purposes in a highly compressed and indexed online repository, saving storage costs and time spent searching for events.
  • Single pane of glass – Run smart searches on auditing data from Dell Enterprise Reporter and Change Auditor to improve security, compliance and operations while eliminating information silos from other tools.
  • Monitor and alert on activity – Sends real-time alert notifications about unauthorized or suspicious user activity directly to you via email or to third-party monitoring applications such as Microsoft Operations Manager (MOM).
  • Integration with SIEM solutions – Forwards all log data collected from Windows servers and network devices to a security information and event management (SIEM) solution of your choice. Supports customizable event output formats to seamlessly integrate with a wide variety of SIEM solutions.
  • Diverse systems support – Get a unified view into event log data from Windows, Unix/Linux, network devices, custom text logs and more. Make sense of log events by leveraging their simplified and normalized representation of Who, What, When, Where and Workstation.

Specifications

InTrust Deployment Manager

ArchitectureAny of the following:
  • Intel x86
  • Intel 64 (EM64T)
  • AMD64
  • IA64
Operating systemAny of the following:
  • Microsoft Windows XP Service Pack 1 or later
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 R2
  • Microsoft Windows Vista
  • Microsoft Windows Server 2008 (not tested on IA64)
  • Microsoft Windows Server 2008 R2 (not tested on IA64)
  • Microsoft Windows 7
  • Microsoft Windows Server 2012 R2
Additional Software and ServicesFor installation through the InTrust setup suite, Microsoft .NET Framework 3.5 Service Pack 1

 

To create reports interactively using Knowledge Portal:
  • Microsoft .NET Framework 2.0

Note: Requirements for local or remote installation of Knowledge Portal are listed in the Knowledge Portal documentation.

InTrust Server

For InTrust Server:
ArchitectureAny of the following:
  • Intel x86
  • Intel 64 (EM64T)
  • AMD64
  • IA64
Operating SystemAny of the following:
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 R2
  • Microsoft Windows Server 2008 (not tested on IA64)
  • Microsoft Windows Server 2008 R2 (not tested on IA64)
  • Microsoft Windows Server 2012 R2
MemoryMin. 1Gbyte
Hard Disk SpaceMin. 4 Gbytes when installing all components
Additional Software and Services
  • Microsoft .NET Framework 3.5
  • For installation through the InTrust setup suite, Microsoft .NET Framework 3.5 Service Pack 1

For agent-server communication:

Computers that are supposed to run InTrust Server must be configured to allow for incoming connections on the TCP port on which your InTrust Servers are configured to communicate with agents (TCP port 900 by default).

For the configuration, alert and audit databases:

Any of the following:

  • Microsoft SQL Server 2000 Service Pack 3a or later
  • Microsoft SQL Server 2005
  • Microsoft SQL Server 2008
  • Microsoft SQL Server 2012 with or without Service Pack 1
  • Microsoft SQL Server 2008 R2
  • Microsoft SQL Server 2014

Notes:

  • A local or remote installation of SQL Server can be used.
  • The collation order must be case-insensitive.
  • Microsoft SQL Server Express Edition is not supported.

For reporting jobs:

  • Web server based on Microsoft Internet Information Services (IIS) version 5.0 or later, with ASP.NET *
  • Microsoft SQL Server 2005 or SQL Server 2008 Reporting Services**

Notes:

* A local or remote installation can be used. If you plan to use Microsoft IIS 6.0 or 7.0, make sure ASP extensions are allowed.

** A local or remote installation of Reporting Services can be used; Microsoft SQL Server Express Edition with Advanced Services is not supported.

For requirements on local or remote installation of Knowledge Portal, refer to the Knowledge Portal documentation.

For detailed system requirements for all the InTrust components and processed systems, see the InTrust 11.0 System Requirements document supplied on the product CD.

Resources

Screenshots

Collection searches

Intrust Collection searches

Automate real-time gathering of Windows event logs from a single console.

Pre-defined searches

Pre-defined searches

Use a variety of pre-defined searches to simplify discovery.

Interactive user reports

Interactive user reports

View and save reports in a variety of popular formats.

In-depth IT Search

Perform on-the-fly compliance and security investigations.

Perform on-the-fly compliance and security investigations.

IT Search filters

IT Search filters

Quickly find what you’re looking for with contextual filters.

Search by user

Search by user

View event-data relationships to speed up IT investigations.

Search user permissions

Search user permissions

Easily understand the “who, what, where and how” of user access.

Search files

Search files

Leverage full text-search capabilities for historical data.