We just raised a $30M Series A: Read our story

Netsurion EventTracker Valuable Features

Chief Information Security Officer at Samford University

Really, all of the features are valuable. Probably the most valuable are the real-time alerts and the weekly reports. They would like to send me the reports daily, but because I'm a one-person shop, I just don't have the time to pour through them. Those weekly reports really give me a view of the landscape and of things that might have slipped through the cracks.

The real-time alerting for things such as people getting dropped into a VPN group or the domain admin group — things like that which really shouldn't happen without proper change management, but we all know the reality, that they do from time to time — gives me real-time visibility into what's going on.

I do like, with version 9, that they have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days. I can go back as far as I have archived, which for us is a set of six months. It all depends on how much you want to store. We store one semester's worth of data. That real-time, very quick access is very helpful for our workflow and the ability to investigate things.

Also with version 9, the overall UI is much better. It's more like Splunk, which is one of their competitors. It has more of that kind of look and feel. You literally drag and drop different fields and elements that you want in your reporting. And with that Elasticsearch, where it's almost instantaneous, it's so much more helpful. Their old query tool was okay, but it had the old look and feel. You picked the field you need and you chose an operator like "equals," etc. This new look and feel really is drag-and-drop. It's so much more modern and very useful. It makes it very efficient if you're looking for something.

View full review »
MO
Senior Director, Information Security at a pharma/biotech company with 1,001-5,000 employees

The report, each day, of the activities that have happened and the ability to archive and go back and research have been extremely advantageous for us. Examples would be a user having either inappropriately touched a file, or an administrator of the infrastructure altering rights or privileges for a user outside of an approved change-control or approved ticket. We have found that, over time, we've been able to mature the discipline of our operational teams by having the ability to see activity that might have occurred outside of standard practice.

In terms of the log data importing, our data went in very easily. That was one of the things that was appealing to us because the product set we use here for antivirus, single sign-on, the authentication services, and the patching services were all in the supported-product suite. So adding them in was simply getting them pointed over there and getting through the change-control windows.

There are a couple of widgets that I use. One is titled "A Possible Compromise" or "Potential Compromise." I use that because it is generally giving me feedback on the login velocity. I can see people who have authenticated to a system but, geographically, have authenticated to another system, and it's not possible to have done that within the time window that those authentications occurred. I find that it's generally a result of them authenticating to their mobile phones, because you don't necessarily egress the carrier's network from the cell tower you're associated to. In our case, we're in Boston. If you happen to be on an AT&T phone, you actually egress either out of Wisconsin or out of New Jersey. So if you log into your laptop and then you pull up email on your phone, it looks like you logged in from one of those two locations as well. We can dismiss those because we're getting used to what that looks like. 

As a result of that, we have picked up two or three folks who have shared passwords, usually with their administrators. They're traveling, they log in from someplace like Japan or Germany, and their admin happens to log in to help take care of an expense report. We tell them, "You have to stop that." We've picked up a few of those types of events. These are the kinds of things that we look forward to the product giving us more and more of as our usage of it matures.

I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up, on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows. It gives some hints.

Occasionally, I'll use EventTracker on my phone because I got a phone call or an alert, but generally, it's on my large panel displays. All of the team has the same setup: multiple, large displays driving off of a laptop.

I tend to like more flexible and detail-structured interfaces. As an example, I don't like to manage my firewalls through the graphical interface. I like to use the command line because it's more granular and it lets me do things a little more quickly. EventTracker has done a nice job in providing both that graphical dashboard and Elasticsearch capabilities. As far as the direct command line goes, I would like there to be a little bit better help in that space. But the fact that they've got both in place is a bonus for the product. As I've learned more about how to do Elasticsearch, it's been beneficial. It's just taking a long time to educate.

View full review »
Chief Information Officer at ECRMC

Monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird.

I like the dashboard. Our security folks look at it all the time. They have it running, they have a big screen monitor in one of their offices and it's up all the time.

I don't use the UI very much but from what I've been told by the security team, it's very easy to use. Compared to other products, the team found it pretty easy to use. We've got the dashboards published on a large screen TV so they can look at it all the time, and then they typically have it on their desk. It is also available on smartphones.

We import log data into EventTracker. It feeds the overall picture of giving us a good quality view of what's going on in our environment.

View full review »
Learn what your peers think about Netsurion EventTracker. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,695 professionals have used our research since 2012.
Director of Application Development and Architecture at South Central Power Company

Other than the log aggregation and alerting, their reports modules have come a long way. But for the most part, we stay right in the wheelhouse of the product to use it to the fullest extent.

The previous version, version 8, had a somewhat antiquated UI. The new version 9 is much easier to use and brings it into the current realm of development. It's very easy, very sleek, and designed relatively well. The version 8 to version 9 upgrade was complete night-and-day. It's significantly improved, and they're putting resources into it to make sure that they continue to stay up to date.

I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there. We're into the product looking more at the log information at that point. Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one. We call that log volume. They're helpful, but we try to dig in a little deeper, off the dashboard, more often than not.

View full review »
JY
Sr. Information Technology Security Engineer at a university with 1,001-5,000 employees

It is fairly easy to use. I am mainly just a one man shop. I look at EventTracker about once a day as far as different incidents and stuff goes. I don't have enough time to be tweaking all types of different things. It is a fairly easy to use as far as the UI goes.

If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches.

View full review »
Learn what your peers think about Netsurion EventTracker. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,695 professionals have used our research since 2012.