Notice: quest.com will be retired soon. Please visit our new site at software.dell.com

InTrust

Event log management for security and compliance

InTrust securely collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems, helping you comply with external regulations, internal policies and security best practices.

InTrust helps you achieve regulatory compliance and gain deep insights into user activity by auditing user access to critical systems from the time they logon until the time they logoff. InTrust detects inappropriate or suspicious access-related events in real time. With this tool, you can easily collect, analyze, report and generate automated real-time alerts within seconds for all relevant access-related events across your heterogeneous network.

This single solution reduces the complexity of event log management, saves storage administration costs, improves information assurance, mitigates risk and helps to reduce cost and improve efficiency of security, operational and compliance reporting.

Features

  • Key to compliance: Addresses regulatory compliance by collecting in real time and reporting on event logs across the entire IT stack, monitoring user access to critical systems and applications, and enabling forensic analysis of user and system activity based on historical event data.
  • User activity tracking: Collects events on user and administrator activity from diverse and widely dispersed systems and applications and presents them in an easy-to-use and complete form suitable for ongoing reporting and ad-hoc analysis. InTrust extracts all the essential details of user access from the time they login to the time they logoff, such as who performed the action, what that action actually entailed, which server it happened on and from which user workstation, console or terminal session it originated.
  • Integration with ChangeAuditor: Raises visibility of user activity by finding and reporting both user logon/logoff events and ChangeAuditor events (who changed what, when, where, why, from whose workstation) in real time with a single query from a single interface.
  • Privileged account auditing: Collects logs produced by Dell Software’s privileged account management solutions and correlates them with other native logs residing on Windows and Unix/Linux systems. Builds a full picture of shared and superuser account activities, raising individual accountability.
  • Integration with SIEM solutions: Feeds all log data collected from Windows servers to a security information and event management (SIEM) solution of your choice. Supports customizable event output formats to seamlessly integrate with a wide variety of SIEM solutions.
  • Log data compression: Provides unparalleled long-term data compression, versus storing the same amount of event data in a database.
  • Log integrity: Enables you to create a cached location on each remote server where logs can be duplicated as they are created, preventing a rogue user or administrator from tampering with the audit log evidence.
  • Forensic analysis: Provides tools for interactive searching through historical event log data for on-the-spot investigation of security incidents and policy violations and preparation of evidence suitable for submission to the court.
  • Real-time alerting: Sends real-time alert notifications about unauthorized or suspicious user activity directly to you via email or to third-party monitoring applications such as Microsoft Operations Manager (MOM).
  • Flexible reporting: Gives you unprecedented access to predefined and customizable reports, supporting a wide variety of file formats, including HTML, XML, PDF, CSV and TXT, as well as Microsoft Word, Visio and Excel.

Sys Reqs

InTrust Deployment Manager

ArchitectureAny of the following:
  • Intel x86
  • Intel 64 (EM64T)
  • AMD64
  • IA64
Operating systemAny of the following:
  • Microsoft Windows XP Service Pack 1 or later
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 R2
  • Microsoft Windows Vista
  • Microsoft Windows Server 2008 (not tested on IA64)
  • Microsoft Windows Server 2008 R2 (not tested on IA64)
  • Microsoft Windows 7
  • Windows Server 2012
  • Windows 8
  • Microsoft Windows Server 2012 R2
Additional Software and ServicesFor installation through the InTrust setup suite, Microsoft .NET Framework 3.5 Service Pack 1

 

To create reports interactively using Knowledge Portal:

  • Microsoft .NET Framework 2.0

Note: Requirements for local or remote installation of Knowledge Portal are listed in the Knowledge Portal documentation.

 

InTrust Server

For InTrust Server:
ArchitectureAny of the following:
  • Intel x86
  • Intel 64 (EM64T)
  • AMD64
  • IA64
Operating SystemAny of the following:
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 R2
  • Microsoft Windows Server 2008 (not tested on IA64)
  • Microsoft Windows Server 2008 R2 (not tested on IA64)
  • Windows Server 2012
  • Microsoft Windows Server 2012 R2
MemoryMin. 1Gbyte
Hard Disk SpaceMin. 4 Gbytes when installing all components
Additional Software and Services
  • Microsoft .NET Framework 3.5
  • For installation through the InTrust setup suite, Microsoft .NET Framework 3.5 Service Pack 1

For agent-server communication:

Computers that are supposed to run InTrust Server must be configured to allow for incoming connections on the TCP port on which your InTrust Servers are configured to communicate with agents (TCP port 900 by default).

For the configuration, alert and audit databases:

Any of the following:

  • Microsoft SQL Server 2000 Service Pack 3a or later
  • Microsoft SQL Server 2005
  • Microsoft SQL Server 2008
  • Microsoft SQL Server 2012 with or without Service Pack 1
  • Microsoft SQL Server 2008 R2

Notes:

  • A local or remote installation of SQL Server can be used.
  • The collation order must be case-insensitive.
  • Microsoft SQL Server Express Edition is not supported.

For reporting jobs:

  • Web server based on Microsoft Internet Information Services (IIS) version 5.0 or later, with ASP.NET *
  • Microsoft SQL Server 2005 or SQL Server 2008 Reporting Services**

Notes:

* A local or remote installation can be used. If you plan to use Microsoft IIS 6.0 or 7.0, make sure ASP extensions are allowed.

** A local or remote installation of Reporting Services can be used; Microsoft SQL Server Express Edition with Advanced Services is not supported.

For requirements on local or remote installation of Knowledge Portal, refer to the Knowledge Portal documentation.

For detailed system requirements for all the InTrust components and processed systems, see the InTrust 10.6 System Requirements document supplied on the product CD.

Videos

Docs