
InTrust

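Event log management software

Your organization's most valuable assets are its data and the users who have access to it, but your security is only as strong as your user workstations. Collecting, storing and analyzing all user and privileged account data usually requires large amounts of storage, time-consuming collection of event data and in-house expertise in the collected event log data. That is where we come in.

Quest InTrust is smart, scalable event log management software that lets you monitor all user workstation and administrator activity, from logon to logoff and everything in between. Cut storage costs with 20:1 data compression, and store years of event logs from Windows, UNIX/Linux servers, databases, applications and network devices. InTrust real-time log monitoring and alerting lets you respond to threats immediately through automated responses to suspicious activity.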

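Centralized log collection

Collect and store all native or third-party workstation logs from a variety of systems, devices and applications in one searchable location with immediate availability for security and compliance reporting. Get a unified view of Windows event logs, UNIX/Linux, IIS and web application logs, PowerShell audit trails, endpoint protection systems, proxies and firewalls, virtualization platforms, network devices, custom text logs and Quest Change Auditor events.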

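Event log compression

Collect years of data and store it in a highly compressed repository (20:1 compression with indexing, 40:1 without indexing), so you can save up to 60% on storage costs, satisfy data retention policies and ensure continuous compliance with HIPAA, SOX, PCI, FISMA and more.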

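Simplified log analysis

Consolidate encrypted event logs from disparate sources into a simple, normalized format containing the relevant user, content, time, location, source and object, to help you make sense of the data. Unique full-text indexing makes long-term event data easy to search, for fast reporting, troubleshooting and security investigation.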

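Alerting and response actions

Watch for unauthorized or suspicious user activity, such as file creation beyond threshold limits, use of file extensions known from ransomware attacks, suspicious process starts or suspicious PowerShell commands. Respond to threats immediately with real-time alerts. InTrust lets you easily trigger automated responses to suspicious events, such as blocking the activity, disabling the offending user, reversing the change and/or enabling emergency auditing.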

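SIEM integration

InTrust integrates easily and reliably with Splunk, QRadar, ArcSight and any other SIEM that supports common syslog formats (RFC 5424, JSON, Snare). With InTrust's predictable per-user licensing model, you can collect as much data as you need and store it for as long as you need. Then use pre-built filters based on industry best practices to forward only relevant log data and alerts to your SIEM solution for real-time security analytics. This integration lets you cut annual SIEM licensing costs.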

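Additional features

User workstation log monitoring

Protect your workstations from modern cyberattacks such as pass-the-hash, phishing or ransomware by monitoring user and administrator activity, from logon to logoff and everything in between. Collect and store all the essential details of user access, such as who performed the action, what the action involved, on which server it was performed and from which workstation it originated.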

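Hyper-scalability

One InTrust server can process up to 60,000 events per second with 10,000 or more agents writing event logs simultaneously, giving you greater efficiency, more scalability and substantial hardware cost savings. Large enterprises that need more capacity can simply add another InTrust server and divide the workload; scalability is virtually unlimited.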

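Improved insights with IT Security Search

Leverage the valuable insights from all of your Quest security and compliance solutions in one place. With IT Security Search, you can correlate data from InTrust, Change Auditor, Enterprise Reporter, Recovery Manager for AD and Active Roles in a responsive, Google-like IT search engine for faster security incident response and forensic analysis. Easily analyze user entitlements and activity, event trends, suspicious patterns and more with rich visualizations and event timelines.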

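Automated best practice reporting

Easily convert investigation results into multiple report formats, including HTML, XML, PDF, CSV and TXT, as well as Microsoft Word, Visio and Excel. With built-in event log expertise, schedule report generation and automatically distribute reports to teams, or choose from a rich library of predefined best practice reports. With data import and consolidation workflows, you can even automatically forward a subset of the data to SQL Server for further advanced analysis.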

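Tamper-proof logs

Protect event log data from tampering or destruction by creating a cache location on each remote server where the logs that are created can be deduplicated.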

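  • Real-time log collection: Automatically collect event logs in real time from a single console.

  • Predefined searches: Use predefined searches to focus on critical event data.

  • SIEM event forwarding: Use best practice filters to selectively forward only relevant data to your SIEM, lowering costs, greatly reducing event noise and improving the efficiency and effectiveness of threat hunting.

  • Unix/Linux log management: Collect, store and search events from Unix and Linux syslog.

  • Syslog parsing: Syslog data varies greatly from application to application. With InTrust, you can detect structured data in syslog events and parse it correctly.

  • Interactive user sessions: Monitor user session activity, from logon to logoff and everything in between.

  • Password spray alerts: Predefined alerts watch for suspicious user activity such as potential password spraying (multiple failed logons across multiple valid accounts).

  • PowerShell monitoring: Automated response actions can greatly reduce the impact of modern PowerShell-based attacks such as pass-the-hash.

  • Dynamic operators: Send email notifications to specific users and their managers about potentially suspicious activity on their accounts, such as password changes or multiple failed logons.

  • Export built-in reports: Export built-in reports for troubleshooting and review.

  • IT Security Search: Find everything associated with a user or object using simple search terms. View results in a simple format of person, event, time, location, object and workstation.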

Resources

InTrust (datasheet)
Securely collect, store and receive event data from Windows, Unix and Linux systems

How to Improve your SIEM’s ROI and Threat-Hunting Potential (white paper)
Are you getting maximum value from your SIEM? Probably not — 54 percent of cybersecurity pros say that their SIEM detects less than half of all security incidents, and many organizations have had to dial back monitoring to control SIEM costs. The root of the problem isn’t your SIEM. Most

SIEM Integration Best Practices: Making the Most of Your Security Event Logs (white paper)
Too many organizations limit the log data they collect because they can't afford to process everything in their SIEM; it simply costs too much and generates far too many alerts. However, this decision leaves them unable to properly detect, investigate and remediate security incidents. The key to breaki

Top 3 workstation logs to monitor: Improve endpoint security with Sysmon, PowerShell and security logs (e-book)
Improve endpoint security and log management. Learn the top 3 workstation logs to monitor and how Quest InTrust and IT Security Search simplify the process.

5 Best Practices for Endpoint Log Monitoring (on-demand webcast)
Your organization’s data – and the users who have access to it – are only as secure as your endpoints, which are increasingly susceptible to cyberattacks. Workstation users, in particular, fall victim to drive-by downloads from websites they think they can trust, leading to ransomw

Key Issues to Consider in Endpoint Security (on-demand webcast)
Watch this on-demand webcast and join security experts as they explore the need for better endpoint log management, which current solutions are not working, and how to achieve more robust endpoint security.

Retailer ensures PCI DSS compliance (case study)
“To achieve PCI DSS compliance, we needed to turn on all native logging and provide auditors with complete logs for the past year… Without InTrust, we would have run out of space long ago.” Enterprise administrator, large retail chain. Any retailer that wants to keep accepting credit cards needs to comply with the PCI DSS standard and prove it during an annual audit. One PCI DSS requirement can be particularly hard to meet: storing a full year of audit data. Learn how one large retailer easily passes its PCI DSS audits. With Quest InTrust, the company collects hundreds of GB of data from more than a hundred locations and stores it cost-effectively for years, while retaining easy, secure access for audits and investigations. Meanwhile, Quest's Chan

Integrated change auditing and event log management for strong security (white paper)
This white paper explores how you can use Change Auditor and InTrust, either alone or in combination with your SIEM, to improve security and compliance while reducing costs.

Videos

Cut costs, increase storage with InTrust and SIEM integration (11:16)
Listen in as Quest product experts Ghazwan Khairi, Bryan Patton and Robert Tovar discuss how InTrust seamlessly integrates with your SIEM solutions for real-time security analytics and lower annual SIEM costs.

User logon session auditing with Quest InTrust (04:39)
Learn about user logon session auditing with Quest InTrust.

Filtering events forwarded to SIEM with InTrust (02:17)
Take a look at the new SIEM forwarding enhancements coming to InTrust 11.4.1 in this brief demo.

Defend against PowerShell attacks with automated response actions (03:42)
In this demo, watch how you can use InTrust's automated response actions to minimize the impact of modern PowerShell-based attacks such as Pass the Hash.

Ransomware attack mitigation with InTrust and Change Auditor (03:31)
This demo shows how you can use InTrust and Change Auditor to minimize the damage of a ransomware attack, without a specialized malware detection solution in place.

Collecting Microsoft IIS logs with Quest InTrust (03:11)
Watch a step-by-step tutorial on how to collect Microsoft IIS logs using InTrust.

How to collect custom applications and services logs (09:08)
Watch how you can collect custom applications and services logs with InTrust.

Reporting on members of specific groups with Quest InTrust (05:41)
In this demo, you will learn how to customize InTrust failed logon reporting to focus on members of a specific group.

Blogs

Rising RDP Attacks as an Avenue for Ransomware; and Mitigation Strategies

Learn about the recent connection between Remote Desktop Protocol (RDP) and ransomware attacks, as well as how you can limit your exposure.

New in Quest InTrust - Real-Time alert notification in the Event Log

Quest InTrust is a very powerful log management framework which also contains a lot of possible ways to notify about triggered alerts: Email alerts, SCOM connector

Remote Workforce Productivity: Give Managers the Tools to Help Overwhelmed Users Manage Their Workload

Discover how IT admins can give managers the tools they need to help overwhelmed users manage their workload in the growing remote workforce.

Top 3 Logs to Spot and Stop COVID-19 Workstation Attacks for Your Remote Workforce

COVID-19 phishing and malware attacks start on user workstations. Monitor these three logs to stop and spot these attacks: Windows security log, Sysmon log, and the PowerShell log.

New in Quest InTrust - Suspicious process creation detection

In recently released Update 1 for InTrust 11.4.1 there is a hidden gem – Suspicious process was started rule, it allows detection of hidden steps that ransomware and malware would do to achieve persistence, hide their tracks and disable protect...

Want to see if someone is attempting a known CVE in your infrastructure? Just collect logs

Something really cool about honeypots and deception technology, in general, is that you can see a hacker or a penetration tester in action with very little false positive notifications. Deception also can help with detecting yet unknown threats that ...

Get started now

Monitor user activity. Cut storage costs. Respond to threats quickly.
