InTrust
Product overview of InTrust
Smart and scalable event log management
Your organization’s most valuable asset is its data and the users that have access to it — but you’re only as secure as your user workstations. Collecting, storing and analyzing all user and privileged account data generally requires large amounts of storage, time-consuming collection of event data and in-house expertise about the event data collected. That’s where we come in.
Only with Quest InTrust, you can monitor all user workstation and administrator activity from logons to logoffs and everything in between. Slash storage costs with 20:1 data compression, and store years of event logs from Windows, UNIX/Linux servers, databases, applications and network devices. InTrust real-time alerting enables you to immediately respond to threats with automated responses to suspicious activity.
Features
Single pane of glass
Collect and store all native or third-party workstation logs from various systems, devices and applications in one, searchable location with immediate availability for security and compliance reporting. InTrust delivers a unified view of Windows event logs, UNIX/Linux, IIS and web application logs, PowerShell audit trails, endpoint protection systems, proxies and firewalls, virtualization platforms, network devices, custom text logs, as well as Quest Change Auditor events.
User workstation log monitoring
Protect your workstations from modern cyberattacks, such as pass-the-hash, phishing or ransomware, by monitoring user and administrator activity — from logons to logoffs and everything in between. Collect and store all essential details of user access, such as who performed the action, what that action entailed, on which server it happened and from which workstation it originated.
Simplified log analysis
Consolidate cryptic event logs from disparate sources into a simple, normalized format of who, what, when, where, where from and whom to help you make sense of the data. Syslog data, in particular, differs drastically from application to application. With InTrust, you can detect structured data inside syslog events and parse this data correctly. Unique, full-text indexing makes long-term event data easily searchable for fast reporting, troubleshooting and security investigation.
Smart, scalable event log compression
Collect and store massive volumes of data in a highly-compressed repository, 20:1 with indexing and 40:1 without, so you can save on storage costs by up to 60% and ensure continuous compliance with HIPAA, SOX, PCI, FISMA and more. Additionally, one InTrust server can process up to 60,000 events per second with 10,000 agents writing event logs simultaneously, giving you more efficiency, scalability and substantial hardware cost savings. And if you need more volume, you can simply add another InTrust server and divide the workload — scalability is virtually limitless.
Real-time alerting and response actions
Watch for unauthorized or suspicious user activity, such as file creation beyond threshold limits, using file extensions of known ransomware attacks or fishy PowerShell commands. Respond to threats immediately with real-time alerts. InTrust enables you to easily trigger automated responses to suspicious events, like blocking the activity, disabling the offending user, reversing the change and/or enabling emergency auditing.
Tamper-proof logs
Protect event log data from tampering or destruction by creating a cached location on each remote server where logs can be duplicated as they are created.
Integration with SIEM solutions
Slash your annual SIEM licensing costs with InTrust connectors for Splunk, IBM QRadar and Microfocus ArcSight. Store long-term event log data with InTrust, and filter and forward only relevant data to your existing SIEM solution for real-time, security analytics.
Improved Insights with IT Security Search
Leverage the valuable insights from all of your Quest security and compliance solutions in one place. With IT Security Search, you can correlate data from InTrust, Change Auditor, Enterprise Reporter, Recovery Manager for AD, and Active Roles in a Google-like, IT search engine for faster security incident response and forensic analysis. Easily analyze user entitlements and activity, event trends, suspicious patterns and more with rich visualizations and event timelines.
Automated best practice reporting
Easily convert investigations into multiple report formats, including HTML, XML, PDF, CSV and TXT, as well as Microsoft Word, Visio and Excel. Schedule reports and automate distribution across teams or choose from a vast library of predefined best practice reports with built-in event log expertise. With data import and consolidation workflows, you can even automatically forward a subset of data to SQL Server for further advanced analysis.
Tour
Collection searches
Pre-defined searches
Interactive user sessions
Export built-in reports
Specifications
Default Set of Components
The components installed by default are InTrust Deployment Manager, InTrust Server and InTrust Repository Viewer. If you customize the selection to install individual components, see the requirements for the components you need in the InTrust System Requirements document supplied in the product download. If you use the default selection, the combined requirements are as follows:
- Architecture
-
x64
- Operating System
-
- Microsoft Windows Server 2016
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2012
- Microsoft Windows Server 2008 R2
- CPU
-
Min. 4 cores (for example, for evaluation purposes).
For any real-world uses, at least 8 cores are recommended.
- Memory
-
Min. 4GB (for example, for evaluation purposes).
For any real-world uses, at least 8GB are recommended.*
- Additional Software and Services
-
- Microsoft .NET Framework 4.5 or later with all the latest updates
- Microsoft SQL Server Native Client 11.0.6538.0 or later (version 11.0.6538.0 redistributable package of the client is included in the InTrust distribution) Important: Install the required version of the client in advance, and only then install InTrust.
- In a virtualized environment
-
If you deploy InTrust on a virtual machine, make sure the CPU and memory requirements above are met, and do not overload the virtual machine host.
- For the configuration database:
-
- Microsoft SQL Server 2016
- Microsoft SQL Server 2014
- Microsoft SQL Server 2012
- Microsoft SQL Server 2008 R2
Resources
InTrust
Securely collect, store and receive event data from Windows, Unix and Linux systems
Ransomware attack mitigation with InTrust and Change Auditor
This demo shows how you can use InTrust and Change Auditor to minimize the damage of a ransomware attack, without a specialized malware detection solution in place.
Deciding Which Security Event Logs to Collect and How to Process Them in Your SIEM and Beyond
Using SIEM to check every log with security value can be overwhelming and costly. Collecting logs is vital to detecting, analyzing and preventing security breaches, but not every log has to be sent
Integrated change auditing and event log management for strong security
This white paper explores how you can use Change Auditor and InTrust, either alone or in combination with your SIEM, to improve security and compliance while reducing costs.
Defend against PowerShell attacks with automated response actions
In this demo, watch how you can use InTrust's automated response actions to minimize the impact of modern PowerShell-based attacks such as Pass the Hash.
Top 3 workstation logs to monitor: Improve endpoint security with Sysmon, PowerShell and security logs
Improve endpoint security and log management. Learn the top 3 workstation logs to monitor and how Quest InTrust and IT Security Search simplify the process.
How to collect custom applications and services logs
Watch you how can collect custom applications and services logs with InTrust.
Platinum Bank: Retail bank improves IT security and compliance
Platinum Bank enhances security, ensures regulatory compliance and minimizes downtime with AD and Exchange auditing.
- More Resources
- Communities
- Events & Demos
- Research Docs
- Videos
- Customer Stories
Take the next step
Related Products
Change Auditor for Active Directory
Ensure security, compliance and control of AD and Azure AD.
Change Auditor for Exchange
Document all critical group, mailbox and public/private changes to Exchange
Change Auditor for Windows File Servers
Track, audit and receive reports on all Windows File Server real-time system changes
Change Auditor for Logon Activity
Get answers to critical security and compliance questions
Enterprise Reporter
Simplify Microsoft on-premises and cloud-based platform security and compliance reporting
Support & Services
Product Support
Self-service tools will help you to install, configure and troubleshoot your product.
Support Offerings
Find the right level of support to accommodate the unique needs of your organization.
Professional Services
Search from a wide range of available service offerings delivered onsite or remote to best suit your needs.