GFI EventsManager
-
ESM: Event Correlation between W3C, SNMP, Syslog and Eventlogs
This is what the competitors do (for example Arcsight, EMC...). I know that this is very complex but it would be a nice feature and selling point. An example: You log in via VPN (Syslog/SNMP), connect via RDP (Windows event) and send an email message (W3C).
If this is possible you can better track user activities and do a better forensic analysis.
1 vote -
Default Event Source Group for SBS
We run SBS 2008 (and previously 2003). It'd be really nice if there was a default Event Source group with pre-defined filtering rules for SBS servers. Trying to decide if SBS is an infrastructure server, database server, print server, web server, or file server is always a tough call, since it's really all of the above, and trying to copy the default settings from each of these groups to make one for SBS is a pain. I left a bit too much enabled the last time I reinstalled and crippled our network because EM was collecting so much data.
1 vote -
PCI compliance ruleset
The GFI EventsManager needs a default PCI compliance ruleset for unix/linux/syslog in EventsManager.
1 vote -
STOP "No events were found matching the filtering criteria." reports
Include the ability/option to prevent reports with "No events were found matching the filtering criteria." from being generated or being sent.
1 vote -
Add NERC CIP Pre-defined Report to ESM
An evaluating customer suggested that we add the NERC CIP standards to the choices of pre-defined reports. Here is a link: http://www.nerc.com/page.php?cid=2|20 and the requirements crossmap over to PCI, HIPAA, etc. Our competitors have this type of report available (just google NERC CIP)...
1 vote -
Open a ruleset repository for other products
I've discussed with some distributors in EMEA that it would be a good idea to implement or to open a location (e.g. in the User Forum) to share customer-created rulesets. I think that will be a big improvement, because if someone has spent some time and work to create a ruleset for a special product or vendor, it will make it easy to share this work with other customers.
1 vote -
Event manager service disabled trap
I have a client that uses EventManager to audit administrative file access from users w/ admin rights. They would like a way to be notified if GFI services are stopped, or even trap such an occurrence, to ensure that those people with administrative rights aren't circumnavigating GFI's file access logging.
1 vote -
Oracle auditing and SID's
I suggest you allow defining more than one SID on an Oracle events source. At the moment we can define only one SID on a host, and we can't add the same host specifying another SID, because the host is already defined. We can partially bypass the problem by inserting two entries for the same host, one with the host name and the other one with the IP address; anyway, using this solution there is no way to collect events for more than two SID's on the same host.
1 vote -
Adding Comments
Since the main purpose of this tool is for reviewing logs, is there a facility to add comments to the logs (for e.g. what action we have taken for that particular event etc & then generate a report to show as evidence for log reviewing to Auditors).
1 vote -
Product Upgrade Instructions
I suggest you...provide a detailed upgrade installation document which includes screen shots of the installation wizard so we know what to expect and can gather the necessary information to answer the prompts.
Will we lose our existing db? Do we need to create a new db?
Will our config settings be retained, or if not can we import a backup copy from the previous version?
Will all our custom rules be retained? Those of us who have gone through past upgrades and lost databases and config settings now need reassurance each time.
1 vote -
Offline mode
EventsManager should have an offline mode, so that consultants could import saved logs and analyze them just as if they were collected online.
1 vote -
New report filter to manage groups of ActDir
We have a group with a long list of users whose login/logout needs to be monitored.
Instead of manually defining a filter by user/account in which we write a row for each user that belongs to this group, we need a filter where we can define one or more groups.
GFI EvManager will ask ActiveDir in order to get the users that belong to that specific group and will produce a report sorted by user.
1 vote -
Bring back silent installation
I would like the ability to perform a silent installation to be re-instated in EventsManager 2012, ideally just like it used to be with previous versions, i.e.:
EventsManagern /s /f1C:path.iss
As servers move towards being headless - having a GUI will merely be an option in Windows Server 8 - it seems a backwards step to disallow silent installation.
1 vote -
Sort Time Field when sort Date field in Events Browser
When in Events Browser and you click the Date field to sort, add an implied sort to the Time field. Currently, if you click Date to show newest date at the top, the Time field continues to sort ascending, with events at 1am at the top of the list ahead of events at 4pm. But the intent of the user clicking the Date field is to see the newest events at the top (or the oldest events at the top). So please add a connection that when you click the Date field to sort, the Time field is sorted to…
1 vote -
Ability to Export or Import Single Rule or Rule Folder
Add the ability to export or import a single Event Processing rule or Event Processing Rule folder. This would allow customers to share custom rules with each other such as on the support forum, or allow GFI support to provide rules for special situations.
1 vote -
Database operation schedule or command line tool
The database operation schedule can currently configure only one schedule. Why doesn't each operation job have its own schedule?
If it is not possible, please consider providing a command line tool and we can use Windows schedule to run it!
1 vote -
display alert send log
Currently we can't know which alert send and when/who it sends from the GUI. Please add it.
1 vote -
Bulk Actions Application
Provide the ability to apply custom "actions profile" actions to multiple rules instead of having to change one rule at a time.
1 vote -
Allow imports into user defined database
Provide a dialog box to allow the user to specify which database to import events into. This would allow a user to import and review old data in a way that ensures the data set does not get mixed with live data.
1 vote -
Allow Events Manager to save EVT file in EVT format
Provide a function for a user to select a monitored windows log and to "save" in EVT format, but have GFI do an event collect just before the log is saved/cleared. Our admins need to save EVT in binary format. This causes a concern about event collection timing and the possibility of missing uncollected events if the log is manually cleared.
1 vote