April 01, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy to deploy for smaller environments
- Weaknesses: Device and log support is limited
- Verdict: Good choice if it supports your environment
ManageEngine's EventLog Analyzer from Zoho is a little application that provides a lot of functionality. It takes an agentless approach to collecting and analysing machine-generated logs. It can collect and normalise event logs and machine data and make them available for analysis, searching, report generation and archiving, all in an easy-to-use web-based interface.
We found installation to be just about as simple as it gets. The installation executable can be downloaded from the ManageEngine website. We ran it on one of our Windows servers, and after a short installation wizard we were up and running. The product itself is quite small and lightweight, so it can sit on almost any hardware. After this was complete, we were able to access the web-based management interface. We found this to be a little overwhelming at first, but after a few minutes of wandering around felt pretty comfortable using the controls.
Adding assets and log sources is quite easy and the product can scan an entire subnet, or devices can be added manually. In our Windows domain environment, we just had to provide administrator credentials and scan our subnet and we were collecting data in minutes. As for analysis, EventLog Analyzer features many charts and graphs in its default dashboard that provide a good overview of what is happening around the network. However, for a more detailed view, it comes preloaded with report templates, including many compliance-based reports, such as SOX, HIPAA, GLBA, PCI DSS and FISMA.
Documentation included a single help file that is built into the management interface itself. We found this to be quite detailed, but it actually felt more like an administrator guide. It included many screenshots, diagrams and step-by-step configuration and management instructions in a well-organised format. While we did not receive any other manuals, we found that this file did an exceptional job of providing the necessary information to configure and use the product.
Zoho ManageEngine provides no-cost support for the first 30 days of product use. After this, customers on the perpetual licence model must purchase support as part of a maintenance contract. Customers on the subscription pricing model have assistance included in their subscription cost. Customers receive email- and phone-based technical support, as well as access to a large online support area containing a knowledgebase, user forum, product video tutorials and documentation.
We found this product to be good value for the money. EventLog Analyzer provides some very solid SIEM functionality at a reasonable cost for smaller environments that want to get started with SIEM but cannot afford to invest in a full-scale product.