Native event logging mechanisms provided by Windows and Unix systems, as well as network devices (such as Cisco and Checkpoint), don't have built-in consolidation, archiving, alerting, and reporting features required to effectively utilize event data and comply with external regulations like SOX, HIPAA, PCI, and others. Numerous event logs and syslog events exist in uncompressed formats spread all over the network, with countless events lost every day because of overwrites, causing a breach in both security and compliance mandates (download Summary: Limitations of Native Tools).
Event log management with Netwrix Auditor allows you to collect events from Windows event logs and syslogs from multiple computers across the network, alerting to and reporting on most critical events, centrally archiving these events in a compressed format that enables convenient analysis of archived event log data. The product supports unlimited number of servers and features long-term archiving storage and distributed data collection for highest performance. The long-term archiving of event logs is required by compliance regulations, e.g., SOX and HIPAA require 7 years of data, PCI requires 1 year, etc.
This feature is available in the Netwrix Auditor solutions for:
Netwrix Auditor allows you to audit changes made in IIS configurations to secure sites and Web-based applications. All changes related to IIS application pools and websites are collected from Windows event logs and can be aggregated from multiple IIS servers. Built-in reports allow you to quickly see IIS configuration changes made by a user across all of your environment, or simply drill into details for specific date range, server, application pool, or website. Read instructions on how to audit IIS with Netwrix Auditor.
Netwrix Auditor aggregates syslog messages from multiple Cisco devices. With built-in alerting and reporting, Netwrix Auditor increases visibility into your network security. Messages that belong to User Authentication and Command Interface classes are additionally parsed to allow more granular filtering and grouping in reports. Reports included with Netwrix Auditor allow you to see all events for any given device, authentication events and commands executed by specific users across multiple devices, as well as all configuration operations (including reading configuration from and writing configuration to a device). The functionality supports all Cisco network devices that comply with Cisco Syslog ASA specification v8.0 and above. Read instructions on how to audit Cisco with Netwrix Auditor.
Features and benefits:
Unlike traditional log management solutions (SIEM), which are too generic and don't meet change auditing needs, Netwrix Auditor helps to easily find relevant answers to key questions: who changed what, when and where in the entire IT infrastructure, including previous and new values for modified settings. The product generates easy-to-understand reports with complete information on every change that has occurred in the IT infrastructure and helps to sustain regulatory compliance, adhere to business processes, tighten security, minimize risk, avoid downtime, and monitor network resources.