EventSentry v3.4

Providing actionable insights into your network



Enhanced Ransomware detection

  • MBR/BootSector Monitoring & Backup for easy recovery
  • File Entropy describes the randomness of a file, essentially a metric that can help detect compressed and encrypted files.
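
The entropy metric described above, as an added example (not EventSentry's own code): Shannon entropy in bits per byte, plus a check for a file rewrite that turns low-entropy content into high-entropy content. The 7.5 cut-off, the 2.0 jump size and the sample data are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Assumed cut-off in bits per byte; not an EventSentry setting.
HIGH_ENTROPY = 7.5

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted_or_compressed(data: bytes, threshold: float = HIGH_ENTROPY) -> bool:
    """True when the byte distribution is close to uniform."""
    return shannon_entropy(data) >= threshold

def entropy_jump(before: bytes, after: bytes,
                 min_delta: float = 2.0, threshold: float = HIGH_ENTROPY) -> bool:
    """Flag a rewrite that moves a file from low entropy to high entropy."""
    e_before, e_after = shannon_entropy(before), shannon_entropy(after)
    return e_after >= threshold and (e_after - e_before) >= min_delta

# Constructed samples: repetitive business text, and a deterministic
# pseudo-random stream standing in for encrypted file content.
PLAIN = b"Quarterly invoice for customer 1042, net 30 days.\n" * 200
SCRAMBLED = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("scrambled", SCRAMBLED)):
        print(f"{name:10s} {shannon_entropy(blob):.3f} bits/byte "
              f"flagged={looks_encrypted_or_compressed(blob)}")
    print("rewrite flagged:", entropy_jump(PLAIN, SCRAMBLED))
```

Archives and media formats that are already compressed also score near 8 bits per byte, so the change between the old and new version of a file says more than the absolute value.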


Software Version Checker

In v3.4 we are taking this to the next level by providing the latest version available from the publisher for a growing list of 100+ software packages so that you can effortlessly identify outdated software on your network.




UPS & Battery Monitoring

Any UPS that is directly attached to a server or workstation and detected by Windows can now be monitored by EventSentry. The status of the UPS will show up on the host inventory page, and alerts will be generated when a host switches to battery power and when it is back on AC power. EventSentry can also initiate a shutdown when the remaining run-time or charge level falls below a certain limit.



User Activity

The user activity page makes it easier than ever to see all activity by a user:

  • Logons
  • Processes
  • File Access
  • Active Directory Changes
  • Tasks
  • Events



Audit Policy Status

Reviewing the current audit status of all monitored hosts can be important, if only to verify that group policies are configured correctly.

  • Compare/review audit settings of a particular sub category (e.g. “Registry”) among all monitored hosts
  • View all disabled audit settings across all or select hosts
  • (Re)view audit settings based on computer types (e.g. domain controllers, servers, workstations)


Expanded Syslog Formats

Starting with version 3.4, EventSentry now supports the following formats in the Syslog action:

  • RFC 3164 (legacy)
  • Snare
  • RFC 5424
  • GELF (Graylog)
  • Common Event Format (CEF)
  • JSON (customizable)






Added in EventSentry v3.3


NetFlow

Collecting NetFlow data lets you see the metadata of all traffic that passes through network devices that support NetFlow. With it you can:

  • Visualize all network traffic in a variety of ways and reports
  • Analyze network data for forensic investigation
  • Utilize network traffic data for troubleshooting purposes
  • Map network traffic to geo location
  • Correlate network traffic with Active Directory users (requires workstation monitoring)
  • Measure bandwidth utilization


Notes / Documentation

Communicating about and documenting your network has just become a lot easier: add notes and/or upload documents in the web reports. Simply @-mention the computer name and the web reports will associate the update with the respective device on the network.




Enhanced Event Messages with GeoIP

EventSentry can automatically extract IP addresses from any event and supplement them with reverse lookup and/or Geo IP lookup data. Including geolocation and/or host names in the email makes alerts significantly more useful to the recipient, who no longer has to perform manual lookups.



Expanded Compliance Reports

Our compliance module has been updated with new requirements. It is now possible to automate reports to be sent via email or saved directly to a folder.

  • PCI-DSS
  • FISMA
  • HIPAA
  • GLBA
  • Sarbanes Oxley
  • ISO 27001:2013 (new)






Added in EventSentry v3.2


Central Collector Service

A central collector service supports data collection over insecure media (e.g. the Internet) through strong TLS encryption. It also supports local caching and compression.

  • Database
  • Email (SMTP)
  • Syslog
  • Text File


Switch Inventory

Finding the port on a switch to which a server, workstation or network device is connected is often a time-consuming and annoying process for most SysAdmins. Starting with version 3.2, EventSentry tries to ease that pain by showing exactly which switch – and port – a host is connected to. All you need to do is add the switch to the EventSentry configuration.




Compliance Requirements

The new compliance module will install a number of reports that pertain to the specific compliance requirement that was enabled. Every report will be associated with a specific control (e.g. PCI 10.2.2) and allow you to set up a required review, job and more.

  • PCI-DSS
  • FISMA
  • HIPAA
  • GLBA
  • Sarbanes Oxley




Enhanced Language Support

Finally, the web reports are now also officially available in 6 additional languages: French, Spanish, Polish, Portuguese, Dutch and Italian. This brings the total number of supported languages in the web reports to 9!





Added in EventSentry v3.1


Multiple Dashboards

The completely overhauled Network Dashboard now supports multiple custom dashboards. Share your dashboard and iterate automatically. A new TV mode was also added for enhanced viewing on TVs around the office.



Expanded Tile Options

Display the current status of performance, disk space or environment sensor value. We've added heatmaps, gauges, bullet graphs and meters.



Scheduled Task Inventory

Monitor the scheduled tasks running on your network. With change detection you can receive alerts and keep a search history for each task.





Virtual Host Inventory

Quickly see which hosts are running under which servers. Supports Hyper-V and ESX.

  • Virtual Machine Name
  • Current Status
  • Operating System (when available)
  • CPU Count

 




Added in EventSentry v3.0


Powerful Search Queries

The completely redesigned web reports provide several new reporting capabilities with more granular searching syntax to help you find that needle in the haystack.


group:Servers and type:(error or warning)


Scheduled Reporting

Any report can now be sent automatically via email. Using this functionality you can generate a detailed report on specific error messages across your network or performance trends on your critical servers.


Network Status

Spot problems at a glance with our improved overview pages. With the new customizable dashboards, you can leave the page up and ensure you are always looking at the most recent information.


Cross Platform

We now offer the web reports as a stand-alone installer so you can host your reports anywhere you would like.


Network Inventory

No more running to the server room to look up a service tag number. EventSentry provides a detailed inventory of all your monitored hosts. Quickly see your warranty information, check available memory slots, or identify disk serial numbers.


Network Monitoring

It is now possible to poll SNMP counters to check the output load on a UPS or view the network bandwidth trends on your routers and switches.

You can now monitor performance metrics (CPU, available memory, etc.) on your Linux machines.


Redesigned Management Console

With a fresh look and the new functional ribbon, configuring EventSentry has never been easier! Many common tasks have been simplified so that working with EventSentry is now more intuitive and faster. The new built-in event log viewer makes viewing event logs, including the new Application & Services logs of Windows, much easier than the built-in Windows event viewer.


ARP Daemon

The new ARP Watch daemon tracks all network activity on the data link layer to alert you when new devices are added to your network. Network activity is also continuously tracked so that you can see which MAC addresses are actively being used on your network, including MAC to IP address mappings, and when they were last seen. The ARP Watch daemon also detects ARP spoof attempts in real time.
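
The tracking described above, as an added example (not EventSentry's own code): a table of MAC to IP mappings with last-seen times that raises an alert for a MAC address not seen before and for an IP address that suddenly answers with a different MAC. The class name, alert names and the observations are constructed for illustration, using documentation address ranges.

```python
# Constructed ARP observations: (timestamp, IP address, MAC address).
OBSERVATIONS = [
    ("2024-01-01T09:00:00", "192.0.2.1",  "00:00:5E:00:53:01"),  # gateway
    ("2024-01-01T09:00:05", "192.0.2.20", "00:00:5e:00:53:20"),  # workstation
    ("2024-01-01T09:01:00", "192.0.2.20", "00:00:5e:00:53:20"),  # same mapping again
    ("2024-01-01T09:02:00", "192.0.2.1",  "00:00:5e:00:53:66"),  # gateway IP, other MAC
]

class ArpTable:
    """Keeps IP -> MAC mappings and the time each MAC was last seen."""

    def __init__(self):
        self.ip_to_mac = {}
        self.last_seen = {}

    def observe(self, ts, ip, mac):
        """Record one observation and return the alerts it triggers."""
        mac = mac.lower()  # normalise so case differences are not treated as changes
        alerts = []
        if mac not in self.last_seen:
            alerts.append(("new_device", ip, mac))
        known = self.ip_to_mac.get(ip)
        if known is not None and known != mac:
            # Can be benign (DHCP reassignment, replaced NIC); for a gateway or
            # server address it is the classic sign of ARP spoofing.
            alerts.append(("mapping_changed", ip, f"{known} -> {mac}"))
        self.ip_to_mac[ip] = mac
        self.last_seen[mac] = ts
        return alerts

def replay(observations):
    """Feed observations through a fresh table; return (table, all alerts)."""
    table, alerts = ArpTable(), []
    for ts, ip, mac in observations:
        alerts.extend(table.observe(ts, ip, mac))
    return table, alerts

if __name__ == "__main__":
    table, alerts = replay(OBSERVATIONS)
    for alert in alerts:
        print(alert)
```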

