We’re extremely excited to announce the availability of the EventSentry v5.1, which will detect threats and suspicious behavior more effectively – while also providing users with additional reports and dashboards for CMMC and TISAX compliance. The usability of EventSentry was also improved across the board, making it easier to use, manage and maintain EventSentry on a day-by-day basis.
One of the best real-time event log monitoring engines got a lot smarter in v5.1 and can now detect unusual behavior like the following:
- A user who never logged on to a server/workstation
- A user connects from a remote IP from which he/she usually doesn’t normally connect from
- A previously unknown process starts
- A process loads a DLL it has never loaded before (requires Sysmon)
But the best part about the new Anomaly detection is that it’s customizable – so anybody can create their own anomaly rules based on their needs.
Anomaly filters utilize insertion strings of events, so they work best with well-formatted events from the security or Sysmon event logs.
EventSentry ships with a number of built-in anomaly filters, but watch the official training video to understand how anomaly filters work to create your own.
Database Maintenance & Web-Based DB Maintenance Jobs
Also new is the ability to schedule database maintenance jobs directly from the web reports – so it’s no longer necessary to create or edit (embedded) scripts, application or task schedulers just to keep your database size in check. Simply schedule a job in the web reports and review the results after the job completed. The maintenance jobs themselves have also been improved and will attempt to free up disk space after each purge cycle when using the built-in database.
We’ve also improved the database usage page, which now shows significantly more details about the database health, including trends to help identify features that are growing in size.
Dynamic Package Updates
Unlike validation scripts, which (can) automagically update in the background so you can enjoy the latest checks with the click of a button, package updates have been a bit slower and more clunky. But this is all in the past, as package updates use the same update engine like our popular validation scripts, and can now seamlessly keep select packages up to date.
As such, users with active maintenance agreements can expect a lot more package updates to be made available to help you detect and defend against emerging threats. This new functionality also allows you to apply filters rules in JSON format directly into the management console, e.g. from KB articles or blog posts.
Keeping NTFS file permissions clean and updated can be a tedious task, even when you follow best practices (e.g. create groups for each file share and assign permissions to those groups), it can be quite difficult to stay on top of all file shares and folders, especially in medium and large-sized networks.
To which files and folders does a user have access? Who has access to critical folders?
EventSentry’s new permission inventory enumerates configured folders and their permissions (on a configurable schedule – e.g. daily), and presents them in the familiar Summary/Detailed view, making it straightforward to answer exactly those questions.
Watch the official training video for more information.
Every database-enabled feature in EventSentry can now store data in multiple databases, something that was previously only available in select features. This will make it easier to store all collected data in an active as well as an archive database simultaneously.
ADMonitor can now send data through the collector, the only component in EventSentry that did previously not have support for the collector.
EventSentray now also shows the network utilization and sports a useful “Internet Test” dialog which can test various aspects of your Internet connection – something that’s especially handy for mobile endpoints (aka “laptops”). The official training video has more information on EventSentray and how to configure & deploy it.
Compliance requirements like CMMC, PCI, HIPAA, NIST and others continue to evolve and affect more and more companies. As important as compliance frameworks are with providing structure and guidance, companies often find it difficult to apply what are often vague rules and requirements.
Our new CMMC v2 and TISAX reports/dashboards bring together many features in EventSentry and provide a real-time status and overview of your compliance status. And our new dashboards provide actionable data that can be used to increase the security of your network – not just check boxes.
While every EventSentry release tends to incorporate little tweaks and improvements, v5.1 features many usability and troubleshooting enhancements:
- Insertion strings in filters (when available) now show the name of the string instead of just the number, making it a lot easier to create and manage complex filters.
- The “Save Configuration” prompt in the management console would often be displayed even when no changes were made. This has been improved significantly and you should see this prompt much less often in v5.1, with more improvements planned in future versions.
- A new “GoTo” button will jump to any item in the tree that contains the specified text.
- Collector users can see collector health right in the management console without having to access the web reports, while the collector status page in the web reports also shows the collector latency and throughput of individual agents.
In addition to a EventSentry’s comprehensive documentation all users now have access to a 60+ free training videos – with a total runtime of over 10 hours – organized into playlists. All videos are accessible on our YouTube channel in the Playlists section, with a training section on eventsentry.com coming soon as well. We highly encourage you to browse the new training videos – they are useful for new users and experienced users of EventSentry alike. Please upvote videos you enjoyed, we’re also happy for any feedback!