Real-time alert patterns from log search
EventLog Analyzer provides several options for customizing reports. You can create new custom reports by defining a new report profile, or customize the existing pre-built (canned) reports to suit your needs. These custom or customized reports make log analysis easier for administrators, since each report is narrowed down to the specific data of interest.
Create new reports on event logs received from a select group of devices, based on specific event filters. Monitor critical servers exclusively, and set up schedules to automatically report on these parameters at regular intervals.
Customizing Existing Reports
EventLog Analyzer lets you modify the pre-built reports to suit your requirements. If an existing pre-built report is close to what you need, you can customize it instead of creating a custom report from scratch.
Convert searches into alert profiles to quickly mitigate attacks
One of the fundamental components of a SIEM solution is its alerting tool. Real-time alerts give you complete control over the important events occurring in your network, so you can not only troubleshoot problems faster, but also handle security threats before they cause any real damage. In addition to real-time SMS and email alerts, EventLog Analyzer enables you to run scripts when alerts are triggered so you can start mitigating attacks right away.
Every attack follows a pattern, and with EventLog Analyzer, you can capture this pattern in a search query and save it as an alert profile. That way, when a specified pattern of events happens in your network, you're alerted in real time. Stay on top of security events of interest to reduce the time it takes to detect and respond to a security threat in your security operations center.
Save a search query as an alert profile
Log searches enable you to drill down into a massive amount of logs and find what you need. With EventLog Analyzer, you can easily save your search query as an alert profile.
For example, say you type out the query A="x" and B="y" and C="z". You can save this search query as an alert profile so that when A="x" and B="y" and C="z" occurs in your network, you're notified in real time. This is a static correlation of events.
Get notified via email or SMS, or even choose to run a script when an alert is triggered. Tweak the trigger conditions, such as the number of times an event occurs within a certain time interval, so alerts are only triggered when you want them to be. Alert profiles are a fundamental part of using device logs to mitigate threats.
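The static correlation described above, written out as a small added example (not EventLog Analyzer's own code): an alert profile holds the saved search conditions A="x" and B="y" and C="z" plus a trigger condition of N matches within a time window. The event fields, the sample events and the threshold/window parameters are all constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field

# Constructed sample events (not real EventLog Analyzer output):
# each is a dict of field -> value with an epoch timestamp in seconds.
SAMPLE_EVENTS = [
    {"ts": 100, "A": "x", "B": "y", "C": "z", "host": "srv1"},
    {"ts": 105, "A": "x", "B": "y", "C": "q", "host": "srv1"},  # C differs: no match
    {"ts": 110, "A": "x", "B": "y", "C": "z", "host": "srv1"},
    {"ts": 130, "A": "x", "B": "y", "C": "z", "host": "srv1"},  # 3rd match in 60 s: alert
    {"ts": 400, "A": "x", "B": "y", "C": "z", "host": "srv2"},  # window expired: count restarts
]


@dataclass
class AlertProfile:
    """A saved search (field == value conditions ANDed together) plus a
    trigger condition: fire when `threshold` matches occur within `window` seconds."""
    name: str
    conditions: dict          # e.g. {"A": "x", "B": "y", "C": "z"}
    threshold: int = 1        # number of matching events required
    window: int = 60          # length of the sliding time window, in seconds
    _hits: deque = field(default_factory=deque, repr=False)

    def matches(self, event):
        # Static correlation: every saved condition must hold on this one event.
        return all(event.get(k) == v for k, v in self.conditions.items())

    def feed(self, event):
        """Return an alert dict if this event completes the pattern, else None."""
        if not self.matches(event):
            return None
        ts = event["ts"]
        self._hits.append(ts)
        # Drop earlier matches that have fallen out of the sliding window.
        while self._hits and ts - self._hits[0] > self.window:
            self._hits.popleft()
        if len(self._hits) >= self.threshold:
            self._hits.clear()  # one burst raises one alert, then counting restarts
            return {"profile": self.name, "ts": ts, "count": self.threshold}
        return None


def run_profile(profile, events):
    """Stream events through the profile in order and collect the alerts raised."""
    alerts = []
    for event in events:
        alert = profile.feed(event)
        if alert is not None:
            alerts.append(alert)
    return alerts
```

With the threshold set to 1 the profile behaves like the plain saved search and fires on every matching event; raising it to 3 within 60 seconds suppresses the isolated hits and alerts only on the burst.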