GFI EventsManager


  1. Add IP reputation data feeds

    Competing systems like SolarWinds LEM implemented IP reputation feeds a long time ago. GFI should also incorporate IP reputation data in its product, preferably from different sources.

    1 vote
  2. Add a visual syslog parsing schema editor

    Add a visual syslog parsing schema creator like in several other SIEM systems. Creating syslog parsing schemas is a real pain in the butt at the moment. GFI should create a utility that allows visual creation of syslog parsing schemas from an existing log file, like, for example, the tool available to ArcSight users. See here: https://community.softwaregrp.com/t5/ArcSight-User-Discussions/HOW-TO-New-Syslog-FlexConnector-step-1/td-p/1588786

    1 vote
  3. GFI Eventsmanager merge databases

    GFI EVT could create different databases when DB rotation is enabled but is unable to merge those databases, so include that feature.

    Regards

    1 vote
  4. Name and change event sources

    Once an event source is created, it does not appear to allow editing if the source IP/Hostname changes.

    The ability to set a separate hostname or friendly name in addition to IP/Hostname would make reports more useful. We have lots of switches and routers that are referenced only by IP, which makes making sense of reports difficult.

    1 vote
  5. TLS 1.2 support

    GFI Events Manager should support TLS 1.2 in order to improve communication security.

    5 votes
    2 comments
  6. Correlation

    Provide correlation/use cases for meaningful security events, e.g.
    a) Brute force attacks rather than logon success or failure only
    b) SQL injection
    c) DDoS
    d) Worm outbreak

    1 vote
  7. SNMP real-time dashboard

    Provide a real-time dashboard for SNMP device monitoring, e.g. system up/down, fan status, interface status, CPU utilization, memory utilization and so on.

    1 vote
  8. Aggregation

    Aggregate events instead of filtering them. It helps to consolidate the same type of events into one when we do not want to reject them.

    1 vote
  9. Enable more complex RegEx methods by adding support for matches method

    Currently RegEx uses the "match" method (https://msdn.microsoft.com/en-us/library/system.text.regularexpressions.regex.match(v=vs.110).aspx), which requires the whole string to be separated from beginning to end.

    By enabling the "matches" method (https://msdn.microsoft.com/en-us/library/system.text.regularexpressions.regex.matches(v=vs.110).aspx), more powerful RegEx patterns can be built to support variable syslog messages.

    Examples can be provided.

    1 vote
  10. "Run File" feature transfer event information to the execute file

    When an event is triggered and ESM classifies it into the critical or high event class, there is a "Run file" feature.
    According to GFI support (GFI-170602-489017), this feature cannot transfer event info to the executable file or batch file.

    I think it is good to transfer event info and then I can do something myself.

    1 vote
  11. Hierarchical Event Source Groups

    In our environment, it would be very beneficial to create "Event Sources Groups" inside other "Event Sources Groups" all while keeping "Inherit from Parent" as an available option across ALL configuration items in that sub-group.

    This is the reason behind this request. I manage multiple domains. The default groups you have in place are nice, but I end up tweaking credentials for servers in our different domains to use the correct login information.

    What I wanted to do was something like:

    domain1 - Set the default properties for the group here, i.e. Login Information, Active Monitoring Alerts, etc.
    - domain1\Domain…

    1 vote
  12. I would like to request export to excel or csv file option from the Reporting menu instead of pdf only

    I would like to request export to excel or csv file option from the Reporting menu instead of pdf only

    3 votes
  13. Reporting: Columns in Layout tab based on event ID in General tab

    When preparing custom reports or adjusting the available ones, GFI EM2k13 should have the ability for users to have it much easier to prepare effective custom reports much quicker.

    As described here http://manuals.gfi.com/en/esm2013administrator/content/ACM/Topics/Reporting/Creating_custom_reports.htm if one criterion in the General tab is e.g. Event ID = 4624, then when we want to check for IP (or other columns), under the Layout tab the selection criteria should be narrowed down only to columns which event ID 4624 provides.
    https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4624#examples

    Right now, selecting from existing columns is an ugly mess because event IDs have various names for the same columns.
    E.g. EID 4624 has: source…

    1 vote
  14. 1 vote
  15. Command

    A more robust command-line tool.

    We have been using EventsManager for several years and the management console is very slow to load, change tabs and limited in what you are allowed to see and manipulate.

    This is a problem in itself, but my suggestion is to offer sys admins a more robust alternative to the GUI interface. I recognize GFI does offer some command-line tools (such as ESMCmdConfig.exe, EsmDlibM.exe, etc.), but these only allow control of general management settings and are mostly used to manipulate the event database.

    Specifically, it would be helpful to have the following cmd-line features (in…

    1 vote
  16. EventsManager - Alert Threshold Settings Should Limit Number of Notifications Sent

    EventsManager - Alert Threshold Settings currently do not allow the end user to specify the number of notifications sent once an alert is triggered. By default, EventsManager will send one notification for each event processed and accounted for as part of the threshold. This can pose issues with E-mail or SMS congestion if a critical process or event occurs.

    Example A) EventsManager is configured to send E-mail alerts on a failed system sign-on event - If 10 or more of these events are logged within 60 seconds, send a Notification. Currently, if a process running constantly experiences a password reset…

    2 votes
  17. Database Rotation Notification

    Create a notification (email alert) for when a successful database rotation occurs

    2 votes
  18. Multiple Email Servers

    I would like the option to add an external mail server in addition to the internal mail server, G-Mail or otherwise. It's a little hard to get an alert about your mail server when it's sent from the mail server that is having an issue.

    1 vote
  19. Smarter Monitoring Checks

    I only use Monitoring Checks (ICMP ping and Disk space). ICMP ping isn't smart enough to alert when a node comes back on line. Disk space generates unnecessary 'RPC server is unavailable' alerts because it doesn't know that a node went down. The older GFI NSM 7.0 sends alerts after a node comes back on line. It also knows not to process additional checks until that node is back on line. Please reinstate those functionalities in EventsManager!

    2 votes
  20. Reports in PDF or XLS

    I would like to generate reports directly in PDF or XLS format

    1 vote