Protect your workstations from modern cyberattacks, such as pass-the-hash, phishing or ransomware, by monitoring user and administrator activity — from logons to logoffs and everything in between. Collect and store all essential details of user access, such as who performed the action, what that action entailed, on which server it happened and from which workstation it originated.
One InTrust server can process up to 60,000 events per second with 10,000 agents or more writing event logs simultaneously, giving you more efficiency, scalability and substantial hardware cost savings. And for large enterprise organizations that need more volume, you can simply add another InTrust server and divide the workload — scalability is virtually limitless.
Leverage the valuable insights from all of your Quest security and compliance solutions in one place. With IT Security Search, you can correlate data from InTrust, Change Auditor, Enterprise Reporter, Recovery Manager for AD, and Active Roles in a responsive, Google-like IT search engine for faster security incident response and forensic analysis. Easily analyze user entitlements and activity, event trends, suspicious patterns and more with rich visualizations and event timelines.
Easily convert investigations into multiple report formats, including HTML, XML, PDF, CSV and TXT, as well as Microsoft Word, Visio and Excel. Schedule reports and automate distribution across teams or choose from a vast library of predefined best practice reports with built-in event log expertise. With data import and consolidation workflows, you can even automatically forward a subset of data to SQL Server for further advanced analysis.
Protect event log data from tampering or destruction by creating a cached location on each remote server where logs can be duplicated as they are created.
Automate real-time gathering of event logs from a single console.
Use pre-defined searches to zero in on critical event data.
Use best practice filters to selectively forward only relevant data to your SIEM to reduce costs, minimize event noise and improve threat hunting efficiency and effectiveness.
Collect, store and search events from Unix and Linux syslog.
Syslog data differs drastically between applications. With InTrust, you can detect structured data inside syslog events and parse this data correctly.
Monitor user session activity — from logons to logoffs and everything in between.
Pre-defined alerts watch for suspicious user activity, such as potential password spraying (multiple failed logons for multiple valid accounts).
Automated response actions can minimize the impact of modern PowerShell-based attacks such as pass-the-hash.
Send email notifications to specific users and their managers of potentially suspicious activity on their account, such as password changes or multiple failed logons.
Export built-in reports for troubleshooting and review.
Find everything associated with a user or object using simple search terms. View results in a simple format of who, what, when, where, whom and workstation.
Too many organizations limit the log data they collect because they can't afford to process everything their SIEM; it simply costs too much and generates far too many alerts. However, this decision
Using SIEM to check every log with security value can be overwhelming and costly. Collecting logs is vital to detecting, analyzing and preventing security breaches, but not every log has to be sent