Product Information

EventTracker

★★★★★

by Keith Gilbert May 01, 2009

Vendor: Prism Microsystems

Product: EventTracker

Website: http://www.prismmicrosys.com

Price: Approximately £14,000 for a typical 50-server setup

RATING BREAKDOWN

  • Features: ★★★★
  • Ease of Use: ★★★★
  • Performance: ★★★★★
  • Documentation: ★★★★★
  • Support: ★★★★★
  • Value for Money: ★★★★★
  • Overall Rating: ★★★★★

QUICK READ

  • Strengths: Feature-rich SIEM, does not require a database licence, helping scalability
  • Weaknesses: Depth of features will take some time to get used to. Not designed specifically for forensic use
  • Verdict: Solid product with useful features, good value for money

EventTracker is a robust security information and event log management (SIEM) tool with a lot of features. It has extensive event tracking, with the ability to report these events. Prism Microsystems has successfully incorporated real-time analysis into one product that sets itself apart from other SIEM tools. Although not explicitly a forensic tool, it has a lot of functionality that is very useful in a network forensic environment.

Setup was straightforward. Post-installation, it was merely a matter of configuring the agents and pushing them to systems on the network. It has a substantial number of pre-defined rules, involving minimal configuration on the user's behalf. It has an easy-to-navigate control panel. While it does provide a number of useful features, it will take some getting used to.

EventTracker has many abilities which prove it to be an excellent performer. It can monitor and manage events from Windows (Vista/XP/2003/2K/NT), syslog and syslog-ng, Solaris BSM, z/OS, SNMP and flat file logs. Generating reports based on selectable criteria is both easy and effective. Available disk space is used efficiently through a secure (SHA1) format that compresses log data.

Documentation is solid. There are multiple guides which cover a variety of topics, including installation guides, user guides, upgrade guides, as well as release notes. The installation guide provides a step-by-step walkthrough, including many helpful screenshots.

Prism has an in-depth support system. It features a FAQ page, online help page, extensive product documentation and feature usage. In addition, Prism Microsystems provides a series of video-based training tutorials, which help users to further their proficiency with the product. Email and phone support are also offered.

With the first year of support included in the licence fee and a typical 50-server setup being approximately £14,000, the price is not unreasonable by any means. EventTracker is loaded with useful features, but will require some getting accustomed to. However, once you are familiar with its way of working, we see this as an excellent forensics and incident analysis tool.
