Event log management for security and compliance

InTrust securely collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems, helping you comply with external regulations, internal policies and security best practices.

InTrust helps you achieve regulatory compliance and gain deep insights into user activity by auditing user access to critical systems from the time they logon until the time they logoff. InTrust detects inappropriate or suspicious access-related events in real time. With this tool, you can easily collect, analyze, report and generate automated real-time alerts within seconds for all relevant access-related events across your heterogeneous network.

This single solution reduces the complexity of event log management, saves storage administration costs, improves information assurance, mitigates risk and helps to reduce cost and improve efficiency of security, operational and compliance reporting.

Features overview

  • Key to compliance: Addresses regulatory compliance by collecting in real time and reporting on event logs across the entire IT stack, monitoring user access to critical systems and applications, and enabling forensic analysis of user and system activity based on historical event data
  • User activity tracking: Collects events on user and administrator activity from diverse and widely dispersed systems and applications and presents them in an easy-to-use and complete form suitable for ongoing reporting and ad-hoc analysis. InTrust extracts all the essential details of user access from the time they login to the time they logoff, such as who performed the action, what that action actually entailed, which server it happened on and from which user workstation, console or terminal session it originated
  • Integration with ChangeAuditor: Raises visibility of user activity by finding and reporting both user logon/logoff events and ChangeAuditor events (who changed what, when, where, why, from whose workstation) in real time with a single query from a single interface
  • Privileged account auditing: Collects logs produced by Dell Software’s privileged account management solutions and correlates them with other native logs residing on Windows and Unix/Linux systems. Builds a full picture of shared and superuser account activities, raising individual accountability
  • Integration with SIEM solutions: Feeds all log data collected from Windows servers to a security information and event management (SIEM) solution of your choice. Supports customizable event output formats to seamlessly integrate with a wide variety of SIEM solutions
  • Log data compression: Provides unparalleled long-term data compression, versus storing the same amount of event data in a database
  • Log integrity: Enables you to create a cached location on each remote server where logs can be duplicated as they are created, preventing a rogue user or administrator from tampering with the audit log evidence
  • Forensic analysis: Provides tools for interactive searching through historical event log data for on-the-spot investigation of security incidents and policy violations and preparation of evidence suitable for submission to the court
  • Real-time alerting: Sends real-time alert notifications about unauthorized or suspicious user activity directly to you via email or to third-party monitoring applications such as Microsoft Operations Manager (MOM)
  • Flexible reporting: Gives you unprecedented access to predefined and customizable reports, supporting a wide variety of file formats, including HTML, XML, PDF, CSV and TXT, as well as Microsoft Word, Visio and Excel.