
Netsurion EventTracker Room for Improvement

Chief Information Security Officer at Samford University

With version 9 there are so many areas where they changed the look and feel and it is so much easier. I really don't have anything that is a pain point or that I have to work around or that I would like to be a little better or easier.

With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9.

There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again. 

We don't have any of those issues with version 9, as long as we're staying within that seven-day window. You get outside the seven-day window and it still performs the same sort of way. And it's not EventTracker or SIEMphonic's fault; it's just the way they store the data and have to be able to open the data back up. But the look and feel of the query tool is still exactly the same as it was. It's just a matter of whether you are looking at that real-time, very quick access, or you are looking at more of an archive-type.

Senior Director, Information Security at a pharma/biotech company with 1,001-5,000 employees

I like the dashboard. Where there is an opportunity for improvement is in the interface used for performing the searches. You have to understand Elasticsearch search too well for the security team to be able to take really full advantage of that part of the product. It's not as intuitive as I would like it to be for new staff coming in. The general query capability is a little bit challenging.

Once I expand an event I can usually cut and paste out of there into the Elasticsearch side of it to get a broader view. But it's a multi-step process. I'd like to see them add something that lets me right-click and immediately search to it, instead of having to walk through a couple of windows. When you're doing research on events, that kind of stuff adds up in your day. It's two or three clicks, but when you're driving through a bunch of analyses, that can start to add up quickly. When it's an event that you've got going on and you need to find out what's truly happening, time is of the essence. Anything that can shorten that would be beneficial.

Chief Information Officer at ECRMC

Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told. So far, I have not understood or heard of any issues that were more process or tool-related, it's individual-related. 

The industry is changing. The landscape is changing all the time and they seem to do a pretty good job of keeping up with that. That's a challenge in information security. That's a target that doesn't just move. It moves from room to room, to room, not just a few inches, one way or the other. You're constantly changing. You're chasing a moving target that's really moving. It boils it down to here's what we think is going on versus our people. If all they did was keep track of what was going on in the industry, that's all they'd do because I only have two people.

Learn what your peers think about Netsurion EventTracker. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
553,954 professionals have used our research since 2012.
Director of Application Development and Architecture at South Central Power Company

In terms of advanced queries, I wouldn't say EventTracker is lagging behind its peers. The latter just make it easier to get to them. EventTracker is designed more for a small to medium type business, which is where we fit. With a competitive tool like Splunk or LogRhythm, you're not going to get what you get with these guys out-of-the-box. With EventTracker, you're going to have to build all that yourself from scratch. You're going to have to learn that markup language to do so.

I want to stress: We're very happy with not having to deal with that out-of-the-gate. If we need to, we can always call support and they can assist us in writing those more advanced queries. The functionality exists to do advanced queries, they're just not right in your face like they are in a competitive product. But for us, that's what we want.

There's always room for improvement in terms of performance and alerting options. It would be great if they had a client for phones by which they could push a notification to us, as opposed to via email. But those are all things that they'll grow into over time.

Sr. Information Technology Security Engineer at a university with 1,001-5,000 employees

The solution's dashboard is okay. The one thing that we ran into was issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated. We just got a new SAN, which is all-flash. Last week, the server was migrated from spinning disks to the new flash. Now, we have moved from hard drives to SSDs, and Elasticsearch is working a lot faster.

EventTracker's UI is okay. There are some issues that I have run into. Some stuff doesn't display on different browsers, which you think it would. You think you are missing something, and you actually are. If you use a different browser at work, it works differently. That is sort of frustrating. The big thing is they have a newer version or something out other than a new update to version 9. I don't know if they're on version 9.1 or 10 (or whatever). We weren't going to update until we could try to get the Elasticsearch capability (which we now have) and migrate over to the new SAN thing.

There are a couple things that we had to tweak. One of the other things is we are getting DNS and DHCP logs from servers, which we thought required a different Microsoft hotfix, but it didn't. EventTracker's documentation wasn't current. So, it took a little while to get the DNS and DHCP logging figured out. Once we finally got it figured out, we got those set.

The searching capability has room for improvement. I know they are working on it. They have Microsoft SQL, then Elasticsearch, and it's hard to determine when I am searching what exactly it's searching through, as there is the Elasticsearch archive thing, RAID and the Microsoft SQL searching, and some like cache search things. So, there are about three different searches, and sometimes it takes a bit of trial and error to figure out what information I am actually getting.

Users need to be on SSDs in order for Elasticsearch to work well.
