InTrust
Product overview of InTrust
Securely collect, store and receive event data from Windows, Unix and Linux systems
InTrust is an event log management solution that addresses all of these concerns in heterogeneous environments composed of Windows, Unix and Linux servers, databases, business applications and network devices.
InTrust enables you to securely collect, store, search and analyze massive amounts of IT data from numerous data sources, systems and devices in one place. Get real-time insights into user activity for security, compliance and operational visibility.
With InTrust, you’ll be able to:
- Reduce the complexity of searching, analyzing and maintaining critical IT data scattered across information silos
- Speed security investigations and compliance audits with complete real-time visibility of your privileged users and machine data in one searchable place
- Adhere to compliance regulations with event log retention, such as GDPR, HIPAA, SOX, PCI and FISMA
- Save on storage costs with a highly-compressed, indexed, online long-term event log repository
- Quickly troubleshoot widespread issues should an incident occur
Features
Correlate disparate IT data from numerous systems and devices into an interactive search engine for fast security incident response and forensic analysis. Include user entitlements and activity, event trends, suspicious patterns and more with rich visualizations and event timelines.
Real-time log collection and analysis
Automate, secure and scale the collection of event logs across servers, network devices and workstations with immediate availability for analysis, security and compliance reporting.
Monitor and alert on activity
Sends real-time alert notifications about unauthorized or suspicious user activity directly to you via email or to third-party monitoring applications such as Microsoft System Center Operations Manager (SCOM).
Indexed repository
Archive and conduct full-text search event log data for compliance and security purposes with long-term log retention.
Tamper-proof logs
Enables you to create a cached location on each remote server where logs can be duplicated as they are created, preventing a rogue user or administrator from tampering with the audit log evidence.
Automated best practice reporting
Easily convert investigations into multiple report formats. Schedule reports and automate distribution across teams or choose from a vast library of pre-defined best practice reports with built in event log expertise.
Integration with SIEM solutions
Forwards all log data collected from Windows servers and network devices to a security information and event management (SIEM) solution of your choice. Supports customizable event output formats to seamlessly integrate with a wide variety of SIEM solutions.
Compressed repository
Save on storage costs with a highly compressed repository, 20-1 with indexing and 40-1 without.
Diverse systems support
Get a unified view into event log data from Windows, Unix/Linux, network devices, custom text logs and more. Make sense of log events by leveraging their simplified and normalized representation of Who, What, When, Where and Workstation.
Tour
Collection searches
Pre-defined searches
Interactive user sessions
Export built-in reports
Specifications
For detailed system requirements for all the InTrust components and processed systems, see the InTrust 11.3 System Requirements document supplied on the product download.
- Architecture
Any of the following:
- x64
- x86 where applicable
- Operating system
Any of the following:
- Microsoft Windows Server 2016
- Microsoft Windows 10
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2012
- Microsoft Windows 8
- Microsoft Windows 7
- Microsoft Windows Server 2008 R2
- Additional Software and Services
- On Windows Server 2008 R2: version 4.5 or later with all the latest updates
- On other Windows versions: version 4.0 or later with all the latest updates
- Architecture
Any of the following:
- x64
- Operating system
Any of the following:
- Microsoft Windows Server 2016
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2012
- Microsoft Windows Server 2008 R2
- CPU
- Min. 4 cores (for example, for evaluation purposes)
- For any real-world uses, at least 8 cores are recommended
- Memory
- Min. 4GB (for example, for evaluation purposes)
- For any real-world uses, at least 8GB are recommended*
- Hard Disk Space
- Min. 4 GB when installing all components
- Additional Software and Services
- Microsoft .NET Framework 4.0 or later
*Please see detailed InTrust 11.3 system requirements for additional information
Any of the following:
- Microsoft SQL Server 2016
- Microsoft SQL Server 2014
- Microsoft SQL Server 2012
- Microsoft SQL Server 2008 R2
Notes:
- If a database is used by InTrust, no other products should modify it.
- A local or remote installation of SQL Server can be used.
- The collation order must be case-insensitive.
- Microsoft SQL Server Express Edition is supported for configuration and alert databases, but it does not provide SQL Server Reporting Services. Therefore, using SQL Server Express Edition is not appropriate for hosting audit databases.
- Web server based on Microsoft Internet Information Services (IIS) version 6.0 or later, with ASP.NET *
- Microsoft SQL Server Reporting Services**
Notes:
* A local or remote installation can be used. Make sure ASP extensions are allowed.
** A local or remote installation of Reporting Services can be used; Microsoft SQL Server Express Edition with Advanced Services is not supported.
For requirements on local or remote installation of Knowledge Portal, refer to the Knowledge Portal documentation.
Resources
Infographic: The Top 9 Best Practices to Reduce AD Security Breach Risks
Insider threat, Active Directory security, insider attack, data breach
Platinum Bank: Retail bank improves IT security and compliance
Platinum Bank enhances security, ensures regulatory compliance and minimizes downtime with AD and Exchange auditing.
2017 Spotlight Report: Cloud Security
In this new report from the Information Security Community on LinkedIn, you will learn how your peers are approaching cybersecurity in the era of cloud, including the latest trends and benchmarks to gauge how your own organization stacks up.
Conversational Geek e-book: Hybrid AD Security Detection & Alerting
Your Active Directory (AD) security is constantly in a state of change, making it difficult to understand your risks from static reports alone. That’s why you need to actively monitor all changes made in AD — being able to detect suspicious activity and a
Conversational Geek e-book: Hybrid AD Security Investigation & Recovery
Changes in your AD environment can be indicative of a breach, leaving it unreliable. Explore AD security investigation and recovery plan best practices.
Active Directory and Azure AD Security Best Practices
Unless you’ve been hiding under a rock, it’s going to come as no surprise that Office 365 adoption is increasing rapidly. With primary drivers like Exchange Online, SharePoint Online and OneDrive, Office 365 is obtaining an average of around 1 million new
- More Resources
- Communities
- Events & Demos
- Research Docs
- Customer Stories
Take the next step
Related Products
Change Auditor for Active Directory
Ensure security, compliance and control of AD and Azure AD.
Change Auditor for Exchange
Document all critical group, mailbox and public/private changes to Exchange
Change Auditor for Windows File Servers
Track, audit and receive reports on all Windows File Server real-time system changes
Change Auditor for Logon Activity
Get answers to critical security and compliance questions
Enterprise Reporter
Simplify security compliance and reporting across your Windows-based enterprise
Support & Services
Product Support
Self-service tools will help you to install, configure and troubleshoot your product.
Support Offerings
Find the right level of support to accommodate the unique needs of your organization.
Professional Services
Search from a wide range of available service offerings delivered onsite or remote to best suit your needs.