For the best web experience, please use IE11+, Chrome, Firefox, or Safari

InTrust

Event log management software. Your organization’s most valuable asset is its data and the users who have access to it — but you’re only as secure as your user workstations. Collecting, storing and analyzing all user and privileged account data generally requires large amounts of storage, time-consuming collection of event data and in-house expertise about the event log data collected. That’s where we come in.

Quest InTrust is smart, scalable event log management software that lets you monitor all user workstation and administrator activity from logons to logoffs and everything in between. Slash storage costs with 20:1 data compression, and store years of event logs from Windows, UNIX/Linux servers, databases, applications and network devices. InTrust real-time log monitoring and alerting enables you to immediately respond to threats with automated responses to suspicious activity.
Product overview of InTrust 07:08

20:1

Data compression

60K

Events per second

60%

Storage cost savings

Key capabilities

Central log collection
Event log compression
Simplified log analysis
Alerting and response actions
SIEM integration
How to collect custom applications and services logs 09:08

Central log collection

Collect and store all native or third-party workstation logs from various systems, devices and applications in one, searchable location with immediate availability for security and compliance reporting. Get a unified view of Windows event logs, UNIX/Linux, IIS and web application logs, PowerShell audit trails, endpoint protection systems, proxies and firewalls, virtualization platforms, network devices, custom text logs, as well as Quest Change Auditor events.

How much data are you sending to SIEM?

Try this ROI calculator to see how much money you can save your organization.

Additional features

User workstation log monitoring

Protect your workstations from modern cyberattacks, such as pass-the-hash, phishing or ransomware, by monitoring user and administrator activity — from logons to logoffs and everything in between. Collect and store all essential details of user access, such as who performed the action, what that action entailed, on which server it happened and from which workstation it originated.

Hyper scalability

One InTrust server can process up to 60,000 events per second with 10,000 agents or more writing event logs simultaneously, giving you more efficiency, scalability and substantial hardware cost savings. And for large, enterprise organizations who need more volume, you can simply add another InTrust server and divide the workload — scalability is virtually limitless.

Improved insights with IT Security Search

Leverage the valuable insights from all of your Quest security and compliance solutions in one place. With IT Security Search, you can correlate data from InTrust, Change AuditorEnterprise ReporterRecovery Manager for AD, and Active Roles in a responsive Google-like, IT search engine for faster security incident response and forensic analysis. Easily analyze user entitlements and activity, event trends, suspicious patterns and more with rich visualizations and event timelines.

Automated best practice reporting

Easily convert investigations into multiple report formats, including HTML, XML, PDF, CSV and TXT, as well as Microsoft Word, Visio and Excel. Schedule reports and automate distribution across teams or choose from a vast library of predefined best practice reports with built-in event log expertise. With data import and consolidation workflows, you can even automatically forward a subset of data to SQL Server for further advanced analysis.

Tamper-proof logs

Protect event log data from tampering or destruction by creating a cached location on each remote server where logs can be duplicated as they are created.

Abu Dhabi Ports

With InTrust and Change Auditor, we have confidence that all changes and other actions are properly audited and tracked, and all the data is automatically consolidated and stored in an encrypted repository.

Zaid Al-Ali Infrastructure & Service Delivery Manager, Abu Dhabi Ports Read Case Study

Fortune 500 Automotive & Transport Company

I believe the product offers invaluable security reporting and alerting capabilities. While other products do similar things, I feel that InTrust is positioned to enable a quick implementation that delivers immediate value in the audit and compliance arena.

Senior IT Manager, Fortune 500 Automotive & Transport Company

Federal Government

We are using Quest InTrust for management of event logs in an environment where auditing is turned up way too high. We are looking at Splunk for analytics and are in the process of setting up ingestion of the InTrust repository contents.

Engineer, Federal Government Read Case Study

Tour

Real-time log collection
Pre-defined searches
SIEM event forwarding
Unix/Linux log management
Syslog parsing
Interactive user sessions
Password spray alerts
PowerShell monitoring
Dynamic operators
Export built-in reports
IT Security Search
Real-time log collection

Real-time log collection

Automate real-time gathering of event logs from a single console with our event log management software. 

Specifications

The components installed by default are InTrust Deployment Manager, InTrust Server and InTrust Repository Viewer. If you customize the selection to install individual components, see the requirements for the components you need in the InTrust System Requirements document supplied in the product download. If you use the default selection, the combined requirements are as follows:

Architecture
  • x64
Operating System
  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012
CPU

Min. 4 cores (for example, for evaluation purposes).

For any real-world uses, at least 8 cores are recommended.

Memory

Min. 4GB (for example, for evaluation purposes).

For any real-world uses, at least 8GB are recommended.*

Additional Software and Services
  • Microsoft .NET Framework 4.6.2 or later with all the latest updates
  • Microsoft SQL Server Native Client 11.0.6538.0 or later (version 11.0.6538.0 redistributable package of the client is included in the InTrust distribution) Important: Install the required version of the client in advance, and only then install InTrust.
In a virtualized environment

If you deploy InTrust on a virtual machine, make sure the CPU and memory requirements above are met, and do not overload the virtual machine host.

For the configuration database:
  • Microsoft SQL Server 2019
  • Microsoft SQL Server 2017
  • Microsoft SQL Server 2016
  • Microsoft SQL Server 2014
  • Microsoft SQL Server 2012

Resources

Datasheet

InTrust

Securely collect, store and receive event data from Windows, Unix and Linux systems
White Paper

How to Improve your SIEM’s ROI and Threat-Hunting Potential

Are you getting maximum value from your SIEM? Probably not — 54 percent of cybersecurity pros say that their SIEM detects...
White Paper

SIEM Integration Best Practices: Making the Most of Your Security Event Logs

The key to breaking free of this conundrum is recognizing that you don't have to send every log you collect to your SIEM. Downl...
E-book

Top 3 workstation logs to monitor: Improve endpoint security with Sysmon, PowerShell and securit...

Improve endpoint security and log management. Learn the top 3 workstation logs to monitor and how Quest InTrust and IT Security...
On Demand Webcast

5 Best Practices for Endpoint Log Monitoring

Register for this live webcast and join experts Brian Hymer and Sergey Goncharenko, as they discuss the best practices for endp...
On Demand Webcast

Key Issues to Consider in Endpoint Security

Watch this on-demand webcast and join security experts as they explore the need for better endpoint log management, which curre...
Case Study

Retailer Ensures PCI DSS Compliance

Any retailer that wants to continue accepting credit cards needs to maintain compliance with PCI DSS standards — and prov...
White Paper

Integrated change auditing and event log management for strong security

This white paper explores how you can use Change Auditor and InTrust, either alone or in combination with your SIEM, to improve...

Get started now

Monitor user activity. Slash storage costs. Respond to threats quickly

Support & services

Product Support

Self-service tools will help you to install, configure and troubleshoot your product.

Support Offerings

Find the right level of support to accommodate the unique needs of your organization.

Professional Services

Search from a wide range of available service offerings delivered onsite or remote to best suit your needs.