Event log management for security and compliance
Securely collect, store, and receive event data from Windows, Unix and Linux systems.
InTrust enables you to securely collect, store, report and alert on event log data from your Windows, Unix and Linux systems, ensuring compliance with external regulations, internal policies and security best practices. InTrust helps you gain insight into user activity by auditing user access to critical systems from logon to logoff. It also allows you to detect inappropriate or suspicious access-related events in real time.
InTrust reduces the complexity of event log management across your heterogeneous network, reduces your storage administration costs and enables you to improve the efficiency of security, operational and compliance reporting.
- Key to compliance: Addresses regulatory compliance by collecting in real time and reporting on event logs across the entire IT stack, monitoring user access to critical systems and applications, and enabling forensic analysis of user and system activity based on historical event data.
- User activity tracking: Collects events on user and administrator activity from diverse and widely dispersed systems and applications and presents them in an easy-to-use and complete form suitable for ongoing reporting and ad-hoc analysis. InTrust extracts all the essential details of user access from the time users log in to the time they log off, such as who performed the action, what that action actually entailed, which server it happened on and from which user workstation, console or terminal session it originated.
- Integration with ChangeAuditor: Raises visibility of user activity by finding and reporting both user logon/logoff events and ChangeAuditor events (who changed what, when, where, why, from whose workstation) in real time with a single query from a single interface.
- Privileged account auditing: Collects logs produced by Dell Software’s privileged account management solutions and correlates them with other native logs residing on Windows and Unix/Linux systems. Builds a full picture of shared and superuser account activities, raising individual accountability.
- Integration with SIEM solutions: Feeds all log data collected from Windows servers to a security information and event management (SIEM) solution of your choice. Supports customizable event output formats to seamlessly integrate with a wide variety of SIEM solutions.
- Log data compression: Provides unparalleled long-term data compression compared with storing the same amount of event data in a database.
- Log integrity: Enables you to create a cached location on each remote server where logs can be duplicated as they are created, preventing a rogue user or administrator from tampering with the audit log evidence.
- Forensic analysis: Provides tools for interactive searching through historical event log data for on-the-spot investigation of security incidents and policy violations and preparation of evidence suitable for submission to the court.
- Real-time alerting: Sends real-time alert notifications about unauthorized or suspicious user activity directly to you via email or to third-party monitoring applications such as Microsoft Operations Manager (MOM).
- Flexible reporting: Gives you unprecedented access to predefined and customizable reports, supporting a wide variety of file formats, including HTML, XML, PDF, CSV and TXT, as well as Microsoft Word, Visio and Excel.
InTrust Deployment Manager
|Architecture||Any of the following:
|Operating system||Any of the following:
|Additional Software and Services||For installation through the InTrust setup suite, Microsoft .NET Framework 3.5 Service Pack 1|
To create reports interactively using Knowledge Portal:
- Microsoft .NET Framework 2.0
Note: Requirements for local or remote installation of Knowledge Portal are listed in the Knowledge Portal documentation.
|Architecture||Any of the following:
|Operating System||Any of the following:
|Hard Disk Space||Min. 4 Gbytes when installing all components|
|Additional Software and Services|
For agent-server communication:
Computers that run InTrust Server must allow incoming connections on the TCP port that your InTrust Servers use to communicate with agents (TCP port 900 by default).
For the configuration, alert and audit databases:
Any of the following:
- Microsoft SQL Server 2000 Service Pack 3a or later
- Microsoft SQL Server 2005
- Microsoft SQL Server 2008
- Microsoft SQL Server 2012 with or without Service Pack 1
- Microsoft SQL Server 2008 R2
- A local or remote installation of SQL Server can be used.
- The collation order must be case-insensitive.
- Microsoft SQL Server Express Edition is not supported.
For reporting jobs:
- Web server based on Microsoft Internet Information Services (IIS) version 5.0 or later, with ASP.NET *
- Microsoft SQL Server 2005 or SQL Server 2008 Reporting Services**
* A local or remote installation can be used. If you plan to use Microsoft IIS 6.0 or 7.0, make sure ASP extensions are allowed.
** A local or remote installation of Reporting Services can be used; Microsoft SQL Server Express Edition with Advanced Services is not supported.
For requirements on local or remote installation of Knowledge Portal, refer to the Knowledge Portal documentation.
For detailed system requirements for all the InTrust components and processed systems, see the InTrust 10.5 System Requirements document supplied on the product CD.