
WhatsUp Event Analyst®

Automated Log Filtering, Correlation and Reporting

Your logs are a treasure trove of information. Properly configured, they record every network event on your servers, devices and applications: access and permission changes to files, folders and objects that hold financial, customer or compliance data, object access attempts, login failures and more. This information is critical for an immediate incident response when you face a network outage or a security threat. It also gives you the means to prove compliance with regulatory requirements including Sarbanes-Oxley, HIPAA, GLBA, FISMA, PCI DSS, NISPOM, NERC CIP and others. However, sifting through the volumes of logs from every possible network source by hand is unmanageable. You need tools to filter, correlate, export and report on logs in a way that presents the right information to your team and your management.

Ensuring Reliability and Accountability in Log Reporting

WhatsUp Event Analyst® enables network professionals to filter through stores of log file data for specific records and then view, filter, export and report on those events of interest. The ability to search vast amounts of log data efficiently and report the findings is vital to security-conscious businesses of any size. And with the ability to define, store, schedule and send automated reports as needed, WhatsUp Event Analyst makes log reporting reliable, accountable and auditable.

With WhatsUp Event Analyst you can:

  • Use specialized prepackaged reports for reporting on standard log and compliance criteria
  • Generate custom log data reports and charts on any filtered event entries 
  • Share reports in clear, printer friendly HTML formats with management and auditors
  • Correlate and analyze events and event descriptions across multiple log files at once
  • View, filter, convert to/from, export and report on multiple types of log formats
  • Easily index and report on WhatsUp Event Archiver and WhatsUp Event Alarm databases
  • Use it standalone as a simple, powerful and cost-effective log reporting tool

Key Capabilities of the WhatsUp Event Analyst include:

Powerful and Intuitive Log Correlation and Analysis

WhatsUp Event Analyst is a powerful and intuitive tool for analyzing log data, filtering log entries and examining log files. Its "windowing" technology lets administrators correlate different cross sections of log records from multiple sources simultaneously without sacrificing speed. The interface allows network administrators to quickly sift through logs, jump to specific dates or scroll through them chronologically. Frequently sought-after events and event filters can be stored locally for easy access at any time. WhatsUp Event Analyst ships with many predefined filters that are of immediate use to almost every network administrator out of the box.

Support for Multiple Types of Log Formats

WhatsUp Event Analyst works with a wide variety of log data formats. It can view, filter, convert to/from and report on saved EVT and EVTX log files, comma-delimited text files and log information read directly from active computers. Like the other components of the WhatsUp family of Event Log Management solutions, it uses the patented LogRefiner™ technology to report on both the Windows EVT and EVTX log formats simultaneously. WhatsUp Event Analyst can also access and analyze WhatsUp Event Archiver and WhatsUp Event Alarm data stored in Microsoft Access or Microsoft SQL Server databases.

Prepackaged and Custom Log Reporting

WhatsUp Event Analyst helps network professionals generate reports based on pre-designed modules (e.g. SOX, GLBA, PCI DSS, HIPAA, FISMA, MiFID and others) or user-customized ones. Virtually any type of security event can have its key subfields parsed out, grouped, sorted and formatted inside WhatsUp Event Analyst's custom reporting engine. The clear, printer-friendly HTML and CSV reports are invaluable for explaining network phenomena to managers and compliance officers, and for providing security information to law enforcement agencies. WhatsUp Event Analyst aids compliance reporting through its pre-built modules and through capabilities such as tracking file and folder access and deletion, which is critical to many compliance efforts.

Automated Report Distribution Saves Time and Effort

WhatsUp Event Analyst prepackaged report modules can be scheduled using the WhatsUp Event Analyst Service. Scheduling a report is as easy as choosing a scheduled time and day, the source of the log records, a filter and an output folder. Reports may even be emailed automatically to a list of specified recipients.

Correlation and Analysis

  • 100+ predefined filters
  • Advanced event filtering based on past date ranges, event ID or computer lookup
  • Ability to jump to specific dates, sift through logs or scroll them chronologically
  • Correlate and analyze events and event descriptions across multiple log files at once
  • Tracking of successful and failed object-access attempts by user, with automatic correlation to related file or folder deletion activity
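The last two bullets describe a concrete technique that is worth seeing in code: filtering a log by date range, event ID and computer, and joining object-access events to deletion events. The following Python is an added example written for this page, not WhatsUp Event Analyst code. It works on a hypothetical comma-delimited export whose column layout (Time, Computer, EventID, Type, User, ObjectName, HandleID, ProcessID, Accesses) is an assumption; real exports differ. The correlation relies on documented Windows Security log semantics: event 4663 ("An attempt was made to access an object") carries the Object Name and a Handle ID, while event 4660 ("An object was deleted") carries the Handle ID but no name, so the two are joined on (Computer, Process ID, Handle ID). The sample rows are constructed, not real log data.

```python
"""Filter and correlate Windows object-access audit events from a CSV export.

Added example, not WhatsUp Event Analyst code. The column layout is assumed.
"""
import csv
import io
import sys
from datetime import datetime

# Constructed sample export (not real log data). On FS01 alice opens Q1.xlsx
# with DELETE access and the same handle is then deleted; bob only reads;
# mallory's open of Q1.xlsx is a failure audit. FS02 has a deletion from
# February, outside the date range used below.
SAMPLE_CSV = """Time,Computer,EventID,Type,User,ObjectName,HandleID,ProcessID,Accesses
2024-03-04 09:12:01,FS01,4663,Success Audit,CORP\\alice,C:\\Finance\\Q1.xlsx,0x1a4,0x8c0,DELETE
2024-03-04 09:12:01,FS01,4660,Success Audit,CORP\\alice,,0x1a4,0x8c0,
2024-03-04 09:15:30,FS01,4663,Success Audit,CORP\\bob,C:\\Finance\\Budget.xlsx,0x2b0,0x9d4,ReadData
2024-03-04 09:20:00,FS01,4656,Failure Audit,CORP\\mallory,C:\\Finance\\Q1.xlsx,0x0,0x7e2,ReadData
2024-02-28 23:59:59,FS02,4663,Success Audit,CORP\\carol,D:\\HR\\payroll.csv,0x3c1,0xa10,DELETE
2024-02-28 23:59:59,FS02,4660,Success Audit,CORP\\carol,,0x3c1,0xa10,
"""

TIME_FMT = "%Y-%m-%d %H:%M:%S"


def _ts(value):
    """Accept either a datetime or a 'YYYY-MM-DD HH:MM:SS' string."""
    return value if isinstance(value, datetime) else datetime.strptime(value, TIME_FMT)


def parse_export(text):
    """Parse a comma-delimited export into dicts with typed Time and EventID."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["Time"] = _ts(row["Time"])
        row["EventID"] = int(row["EventID"])
        events.append(row)
    return events


def filter_events(events, start=None, end=None, event_ids=None,
                  computers=None, types=None):
    """Apply a saved-filter style query: date range, event IDs, computers, audit type."""
    start, end = (_ts(start) if start else None), (_ts(end) if end else None)
    out = []
    for e in events:
        if start and e["Time"] < start:
            continue
        if end and e["Time"] > end:
            continue
        if event_ids and e["EventID"] not in event_ids:
            continue
        if computers and e["Computer"] not in computers:
            continue
        if types and e["Type"] not in types:
            continue
        out.append(e)
    return out


def correlate_deletions(events):
    """Join each 4660 deletion to the 4663 access that named the object.

    Handle IDs are reused over a machine's lifetime, so the join key includes
    the computer and process, and the most recent earlier 4663 on that key wins.
    A 4660 with no matching 4663 is still reported, with object=None, so that
    gaps in auditing are visible rather than silently dropped.
    """
    last_access = {}
    deletions = []
    for e in sorted(events, key=lambda ev: ev["Time"]):   # stable: ties keep file order
        key = (e["Computer"], e["ProcessID"], e["HandleID"])
        if e["EventID"] == 4663:
            last_access[key] = e
        elif e["EventID"] == 4660:
            src = last_access.get(key)
            deletions.append({
                "time": e["Time"],
                "computer": e["Computer"],
                "user": e["User"],
                "object": src["ObjectName"] if src else None,
                "accesses": src["Accesses"] if src else None,
            })
    return deletions


if __name__ == "__main__":
    # Usage: print a CSV-style deletion report for March on FS01 to stdout.
    evs = filter_events(parse_export(SAMPLE_CSV), start="2024-03-01 00:00:00",
                        computers={"FS01"})
    w = csv.writer(sys.stdout)
    w.writerow(["time", "computer", "user", "object", "accesses"])
    for d in correlate_deletions(evs):
        w.writerow([d["time"].strftime(TIME_FMT), d["computer"], d["user"],
                    d["object"], d["accesses"]])
```

The join key is the point that is easy to get wrong: matching on Handle ID alone produces false attributions once a handle value is recycled by another process, which is why the example keys on computer and process as well and keeps only the latest preceding open.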

Reporting and Administration

  • Point-and-click reports for IT managers, security & compliance officers and law enforcement for key compliance initiatives:
    • Sarbanes-Oxley
    • HIPAA
    • FISMA
    • PCI
    • MiFID
    • Gramm-Leach-Bliley
    • Others
  • Includes LogRefiner™ technology to normalize and report on Windows EVT (XP/2003) and EVTX (Vista or later) log files
  • Easy to use custom report designer enables creation and automatic distribution of insightful and compelling reports
  • Quick access to scheduled reports and past report distribution history
  • Custom domain configuration to manage multiple administrator roles and access
  • Easy export of pre-built report titles and information on what they target
  • Ability to test scheduled reports after creation to verify against requirements

Get answers, when you need them

Compliance-centric reporting (e.g. SOX, GLBA, PCI DSS, HIPAA, FISMA, MiFID and others) ensures that vital information is always at hand for regulatory submissions and for auditor, security-officer or management queries.

Event Analyst at a glance

  • Single reporting application for multiple log formats and stored log files in the databases of other WhatsUp family of Event Log Management solutions (WhatsUp Event Archiver and WhatsUp Event Alarm)
  • Powerful, yet easy to use filtering, correlation and analysis capability enables network administrators to quickly detect related and commonly occurring events
  • Intuitive and easy to share HTML reporting facilitates common understanding of network security events and promotes adherence to policies
  • Compliance oriented reporting ensures that vital information is always at hand for regulatory submissions or generating answers to specific auditor or management queries
  • Automated report scheduling and distribution saves the time and effort of the corresponding manual tasks
  • Pre-packaged, commonly used reports speed deployment and deliver immediate value out of the box
  • Condensed reporting formats improve the manageability of event log volumes

Q: Do you offer prepackaged compliance-centric reports in Event Analyst? 
A: Yes. Reports needed to demonstrate compliance with key regulations (e.g. SOX, GLBA, PCI DSS, HIPAA, FISMA, MiFID and others) are prepackaged, and you can quickly toggle between them to find the reports that apply to you, even if compliance regulations are new to you or your organization.

Q: Can Event Analyst read and filter event log entries from Event Archiver and Event Alarm compatible database tables? 
A: Yes, and it can export other event log sources directly into database tables for on-demand analysis.

Q: What sort of filtering capabilities does Event Analyst have?
A: Event Analyst ships with hundreds of predefined event log filters (e.g. in most major auditing categories), and you can also define and add your own to its internal database, sorting by OS type, log type, and category. Furthermore, you can create Advanced Filters to filter against Event Archiver or Event Alarm database tables using multiple field conditions without any knowledge of Microsoft SQL or Microsoft Access.

Q: What sort of reporting capabilities does Event Analyst have?
A: Event Analyst can produce detailed HTML reports of both filtered and non-filtered log sources. In addition, it contains prepackaged summary report modules already designed to extract certain types of information from log files into HTML and CSV reports. Finally, you can schedule these summary report modules to be created on a recurring schedule with the Event Analyst Service. 

Q: What event log sources can Event Analyst read from?
A: Live event logs on active computers, saved EVT files, Microsoft comma-delimited text event log files, Event Archiver comma-delimited text event log files, and Event Archiver/Event Alarm database tables in Microsoft Access, Microsoft SQL Server and Oracle.

Q: What exporting features does Event Analyst have?
A: Event Analyst can export data into comma-delimited text files, Access/ODBC database tables, and/or HTML files.

Q: I have event logs from 20 servers and 100 workstations that I want to analyze. Event Analyst however runs on only my machine. How many licenses do I need?
A: Event Analyst is licensed per server and/or workstation from which logs are being analyzed. Therefore, you would need 20 server licenses and 100 workstation licenses.

Q: Can I work with multiple event log sources at the same time?
A: Yes. Event Analyst is an MDI (Multiple Document Interface) application and uses a separate, multi-threaded window for each log source being operated upon.