Event Analyst

Version 6.0 (24/10/2007)



Features

When used in conjunction with Dorian Software's Event Archiver® or Event Alarm® software, Event Analyst is one component of the patented Total Event Log Management Solution for monitoring, collecting, consolidating, and auditing event logs and syslogs. And, just as our other SEM (security event management) solutions work independently, Event Analyst alone can prove to be a powerful tool for your organisation.

Event Analyst 6 and later includes:

  • Four New Pre-Built Reports Now Available - Visit our sample reports page for more.  

  • New Advanced Filter Features

    • Additional Relative Date Ranges - In the past, administrators could create advanced filters that returned log data a given number of days from the time the filter or report was actually executed.  Now, administrators can create advanced filters that return log data a given number of days from the day prior to when the filter or report is run (e.g.  from 12:00:00AM to 11:59:59PM), providing them with a clearer data boundary for scheduled report generation.
    • Quick Event ID Lookup - When building Advanced Filters that target one or more Event IDs, administrators can now multi-select them from the Friendly Event ID Manager, making it much easier to find the exact Event IDs that should be targeted.
    • Quick Computer Lookup - When building Advanced Filters that target one or more computers, administrators can now select them directly from a domain controller, browse list, OU, or custom domain listing.


  • LogRefiner Technology for EVTX Log Format Compatibility - Find out more about this exclusive technology available only from Dorian Software.  

  • Log Entry Viewer - The recent history of Event Analyst's scheduled report operations is now simply a menu click away. In addition, administrators can filter the entries by type (information, warning, or error messages, for example) and then export them to HTML if necessary.

  • Custom Domain Creation - As networks grow and merge, domain and workgroup structures expand in size and complexity.  Event Analyst 6 tackles this problem by allowing network administrators to create "custom domains" - logical groups of related computers.

    For example, delegation of administration may require that an administrator manage specific servers in three different organisational units of a larger domain.  Using Event Analyst, she can now map these individual computer names to a custom domain.  Then, she can easily reference that custom domain whenever she needs to summon one of the computers' logs for analysis or reporting.

  • Scheduled Report "Test" Feature - Now, after administrators create scheduled reports, they can immediately test them with a click of the button to see if they produce the results desired.  Additionally, if reports must be run again, this feature reduces workload for the administrator.  

  • Pre-Built Report Summary Exporter - Event Analyst 6 supports the export of all pre-built report titles and what those reports target, making it easy for administrators to share this information with compliance or security officers.  

... all this in addition to existing features that have made Event Analyst an industry standard for event log and security log reporting:

  • Ships With Many Commonly Requested Reports - We've focused on providing the most commonly requested reports for you already.  Find out more on our sample reports page.  

  • New Comma-Delimited (CSV) Reporting - Generate reports in both HTML and CSV formats.  For administrators or compliance officers who need to document examples of audited activity, the CSV format is especially useful, as it can be manipulated directly in spreadsheet software.  

  • Direct Reporting - Users can still open up a log source in one of Event Analyst's log viewing windows before generating a report.  Or, users can select a log source and immediately generate a report against it, bypassing the need to examine the data directly first.  For those desiring immediate report generation, this feature saves significant time.

  • Custom Report Designer - Better visualize the grouping and sort order of your layouts with a grid-style editor.  You can immediately test your layout against sample data after you create it.

  • Friendly Event ID Definitions for Custom Reports - The Friendly Event ID Manager allows the creation of special definitions for specific event identifiers (Event IDs) that correspond to event sources in certain log types.  The Friendly Event ID Manager ships with over 100 definitions already in place, with almost the entire range of security log events predefined for user convenience.  When custom reports are prepared, if a friendly definition exists for a specific Event ID, Event Analyst automatically places the definition alongside the number for better report readability.  

  • Condensed Versions of Selected Reports - In direct response to the requests of our clients, Dorian Software has created condensed versions of certain reports. Find out more on our sample reports page.

  • Optimised Report Generation - Although, of course, results vary based on a number of network-specific variables, Event Analyst's reports and custom reports are engineered for the fastest possible generation.  For scheduled reports that must process large volumes of data, this optimisation is a critical time-saver.  

  • Report Link Emailing - To minimize potential issues with reports as attachments, Event Analyst can send links to reports via a UNC share path.  When enabled, the default scheduled reports folder in Event Analyst is shared, and emails contain a reference to the report files in that share.  However, users can select other UNC paths for report creation and linking as desired.

  • Filter Name Inclusion in Report Filenames - To better distinguish between scheduled reports of the same type, Event Analyst can be configured to automatically append the filter name used when generating the report to the filename.

  • True Organisational Unit Support - Larger domains with administrative control distributed among different OUs in Active Directory can configure Event Analyst to work within an OU and its children.  The Event Analyst Service account can be configured to run as an OU Admin (with local administrative control over computers in the OU), and administrators can limit the computer accounts retrieved by Event Analyst in various operations to a specific OU, as opposed to the entire domain.

  • Faster Analysis and Reporting With Local Backups of Active Event Logs - In many cases, working with a local backup copy of an event log can speed analysis and reporting.  Therefore, when opening an active event log on a network computer for analysis, Event Analyst now provides the option to make a backup copy of the event log or transfer it to the machine running Event Analyst for analysis.

  • Automatic Opening of Zipped EVT Files - Automatically uncompress and open archived EVT files that were compressed by Event Archiver – Dorian Software’s companion log collection tool.

  • Advanced Filter Cloning - A cloning feature for rapid duplication of filters is included to help in defining multiple advanced filters with similar characteristics.

  • Single-Click Report Scheduling - With a single menu click or button press, an administrator can schedule a report against the log source he or she is viewing inside Event Analyst. All characteristics of the log source, including computer names, database links, filters, etc., are transferred into the report scheduling dialog automatically. All the administrator must do is choose the report desired and the schedule when it is generated, greatly reducing the potential for error.

  • Compression for Emailed Reports - Report files can now automatically be compressed before being sent by email.  This is good for minimising network traffic demands or for accommodating strict email policies.

  • Advanced Emailing Options - Scheduled reports set for automated email have additional customisable settings.  Administrators can specify the sender address Event Analyst uses when relaying mail through an SMTP server, in order to meet internal SMTP security standards.  Additionally, administrators can craft a custom email subject line to help them differentiate between similar reports that come from different log sources.

  • Charts Included in Many Reports - Easy to read charts allow for quick review of problem areas and issues before digesting the more detailed, tabular information that follows.  And, charting can be enabled/disabled globally when desired.

  • Cloning Scheduled Reports - Event Analyst supports convenient cloning of scheduled reports.  Users can quickly use a previously scheduled report as a template for a new report if only a few minor details need to be changed.

  • Commonly Used Filters - Even more filters - many of them Windows 2003 specific - have been added to Event Analyst's Basic Filter database for convenience and quick recall.  In addition, several Advanced Filters have been pre-defined to search for certain types of commonly sought-after security activity.

  • Faster Reporting Through Auto-Configuration of Event Archiver Database Tables - For faster reporting, Event Analyst can automatically index and configure tables when connected to an Event Archiver database in Microsoft Access or Microsoft SQL.  

  • Simple Viewing of Log Sources - Through an easy-to-use inventory of database and table links, finding and managing log database sources is simple.  
  • Oracle Database Support - Tables that you create for Oracle 9i with Event Archiver can be managed with native support in Event Analyst.

  • Customisation Capability and Ready-to-Use Filters - Mine for data using custom sorting to focus only on the data you need.

  • Event Log Entry Research Capability - Utilising the Event Research Window and by way of www.eventlogs.com, users can research and decipher event log files and get recommendations for related Event Analyst Summary Reports.

Product News

24 October 2007
NEW RELEASE
Dorian Software released Event Analyst 6.0 featuring support for the new EVTX logging format in Vista and Windows 2008, plus new reports and new advanced filtering features

© Copyright 2008 PNLTools Limited