InTrust

Smart and scalable event log management

Your organization’s most valuable asset is its data and the users who have access to it — but you’re only as secure as your user workstations. Collecting, storing and analyzing all user and privileged account data generally requires large amounts of storage, time-consuming collection of event data and in-house expertise about the event data collected. That’s where we come in.

Quest InTrust is a smart, scalable event log management tool that lets you monitor all user workstation and administrator activity from logons to logoffs and everything in between. Slash storage costs with 20:1 data compression, and store years of event logs from Windows, UNIX/Linux servers, databases, applications and network devices. InTrust real-time alerting enables you to immediately respond to threats with automated responses to suspicious activity.

Key capabilities

Centralized log collection

Collect and store all native or third-party workstation logs from various systems, devices and applications in one, searchable location with immediate availability for security and compliance reporting. Get a unified view of Windows event logs, UNIX/Linux, IIS and web application logs, PowerShell audit trails, endpoint protection systems, proxies and firewalls, virtualization platforms, network devices, custom text logs, as well as Quest Change Auditor events.

Event log compression

Collect and store years of data in a highly-compressed repository, 20:1 with indexing and 40:1 without, so you can save on storage costs by up to 60%, satisfy data retention policies and ensure continuous compliance with HIPAA, SOX, PCI, FISMA and more.

Simplified log analysis

Consolidate cryptic event logs from disparate sources into a simple, normalized format of who, what, when, where, where from and whom to help you make sense of the data. Unique, full-text indexing makes long-term event data easily searchable for fast reporting, troubleshooting and security investigation.

Alerting and response actions

Watch for unauthorized or suspicious user activity, such as file creation beyond threshold limits, use of file extensions associated with known ransomware attacks, or suspicious PowerShell commands. Respond to threats immediately with real-time alerts. InTrust enables you to easily trigger automated responses to suspicious events, like blocking the activity, disabling the offending user, reversing the change and/or enabling emergency auditing.

SIEM integration

InTrust delivers easy and reliable integration with Splunk, QRadar, ArcSight and any other SIEM supporting common Syslog formats (RFC 5424, JSON, Snare). With InTrust’s predictable per-user license model, you can collect and store as much data as you need for as long as you want. Then use pre-built filters based on industry best practices to forward only relevant data to your SIEM solution for real-time, security analytics. This integration enables you to slash your annual SIEM licensing costs.

Additional features

User workstation log monitoring

Protect your workstations from modern cyberattacks, such as pass-the-hash, phishing or ransomware, by monitoring user and administrator activity — from logons to logoffs and everything in between. Collect and store all essential details of user access, such as who performed the action, what that action entailed, on which server it happened and from which workstation it originated.

Hyper scalability

One InTrust server can process up to 60,000 events per second with 10,000 agents or more writing event logs simultaneously, giving you more efficiency, scalability and substantial hardware cost savings. And for large, enterprise organizations who need more volume, you can simply add another InTrust server and divide the workload — scalability is virtually limitless.

Improved insights with IT Security Search

Leverage the valuable insights from all of your Quest security and compliance solutions in one place. With IT Security Search, you can correlate data from InTrust, Change Auditor, Enterprise Reporter, Recovery Manager for AD, and Active Roles in a responsive Google-like, IT search engine for faster security incident response and forensic analysis. Easily analyze user entitlements and activity, event trends, suspicious patterns and more with rich visualizations and event timelines.

Automated best practice reporting

Easily convert investigations into multiple report formats, including HTML, XML, PDF, CSV and TXT, as well as Microsoft Word, Visio and Excel. Schedule reports and automate distribution across teams or choose from a vast library of predefined best practice reports with built-in event log expertise. With data import and consolidation workflows, you can even automatically forward a subset of data to SQL Server for further advanced analysis.

Tamper-proof logs

Protect event log data from tampering or destruction by creating a cached location on each remote server where logs can be duplicated as they are created.

  • Real-time log collection: Automate real-time gathering of event logs from a single console.

  • Pre-defined searches: Use pre-defined searches to zero in on critical event data.

  • SIEM event forwarding: Use best practice filters to selectively forward only relevant data to your SIEM to reduce costs, minimize event noise and improve threat hunting efficiency and effectiveness.

  • Unix/Linux log management: Collect, store and search events from Unix and Linux syslog.

  • Syslog parsing: Syslog data differs drastically between applications. With InTrust, you can detect structured data inside syslog events and parse this data correctly.

  • Interactive user sessions: Monitor user session activity, from logons to logoffs and everything in between.

  • Password spray alerts: Pre-defined alerts watch for suspicious user activity, such as potential password spraying (multiple failed logons for multiple valid accounts).

  • PowerShell monitoring: Automated response actions can minimize the impact of modern PowerShell-based attacks such as pass-the-hash.

  • Dynamic operators: Send email notifications to specific users and their managers of potentially suspicious activity on their account, such as password changes or multiple failed logons.

  • Export built-in reports: Export built-in reports for troubleshooting and review.

  • IT Security Search: Find everything associated with a user or object using simple search terms. View results in a simple format of who, what, when, where, whom and workstation.

Resources

Datasheet: InTrust
Securely collect, store and receive event data from Windows, Unix and Linux systems

White Paper: SIEM Integration Best Practices: Making the Most of Your Security Event Logs
Too many organizations limit the log data they collect because they can't afford to process everything their SIEM; it simply costs too much and generates far too many alerts. However, this decision

Video (03:31): Ransomware attack mitigation with InTrust and Change Auditor
This demo shows how you can use InTrust and Change Auditor to minimize the damage of a ransomware attack, without a specialized malware detection solution in place.

On Demand Webcast: Deciding Which Security Event Logs to Collect and How to Process Them in Your SIEM and Beyond
Using SIEM to check every log with security value can be overwhelming and costly. Collecting logs is vital to detecting, analyzing and preventing security breaches, but not every log has to be sent

Case Study: Federal Government Agency uses Quest InTrust to collect event logs
A large Federal Government Agency needed a solution to collect large volumes of event log data from disparate systems, devices and applications. With strict data retention compliance regulations, t

White Paper: Integrated change auditing and event log management for strong security
This white paper explores how you can use Change Auditor and InTrust, either alone or in combination with your SIEM, to improve security and compliance while reducing costs.

E-book: Top 3 workstation logs to monitor: Improve endpoint security with Sysmon, PowerShell and security logs
Improve endpoint security and log management. Learn the top 3 workstation logs to monitor and how Quest InTrust and IT Security Search simplify the process.

Video (09:08): How to collect custom applications and services logs
Watch how you can collect custom applications and services logs with InTrust.
