GFI EventsManager

How can we improve?


  1. Customize PDF report filename

    ReportPack now creates PDF reports with a system filename totally incongruent with the filter action, sense, and selections defined in the custom-job.
    We need to customize the filename of the PDF report file, for example, with the same name as the custom-job that generated that report.
    Thanks

    2 votes
    Collecting Feedback  ·  0 comments
  2. Null scheduled reports

    The scheduled reports that include no data (No events were found matching the filtering criteria.) should not be emailed. The user should receive a report only in case there is data to view.

    2 votes
    Collecting Feedback  ·  0 comments
  3. Customize names for EventsManager Scheduled Report attachments

    I would like to control the naming of the pdf attachments of Events Manager scheduled reports. Previous versions of Events Manager and SELM were consistent with their attachment names (i.e. always named sched0_xxxxx.pdf, sched1_xxxxxx.pdf, etc.). This allowed us to run a script to rename them to something descriptive i.e. AAA - Account Lockout Report.pdf. We have several customers who we perform network monitoring for and the automated renaming script, although not ideal, was efficient.

    With Events Manager 2012 there is no consistency in the names of the report attachments. Since they are completely random we are unable to know which…

    2 votes
    Collecting Feedback  ·  0 comments
  4. notify if no events being collected

    We don't look at system every day because we don't have a policy (or staff) yet that requires auditing daily. So we usually only look at it when there is a problem or something needs researched.

    In the old version we had this happen a couple times and already had it happen once in 2012 version, where events would just stop being collected and we wouldn't know about it until we needed something and it wasn't there. This is a big problem for devices that don't have local storage for syslogging and only send to GFI. It is also a…

    2 votes
    Collecting Feedback  ·  1 comment
  5. More Active Directory Sync options

    In Active Directory we have a separate Organizational Unit for our servers and client machines. I would like to have an option to have EventsManager automatically update its collection sources based on these OUs.

    For example:
    I have a WebServers OU under a main OU called Servers under the default domain. All of our web servers are naturally under this OU and are all configured the same.

    In EventsManager I would like to have an event source that can be named something like WebServers and this group is configured to sync from Active Directory from the WebServers…

    2 votes
    Collecting Feedback  ·  1 comment
  6. Reading Events Archived by Windows

    Being able to access event log archives that may have been created prior to EventsManager and pull these events into the system would be fantastic. Would help get everything under one roof in a way.

    2 votes
    Collecting Feedback  ·  0 comments
  7. Real-Time Status display

    I am a long-time user of ServerMonitor. I am now being forced to convert to EventsManager with Active Monitoring only licenses. I would like to have a display of the current status of my servers. Currently, if I look at "Monitoring Statistics", if I have a single failed check followed by successful checks, the row is still red. Also, I cannot remove the unused sections that don't apply to Active Monitoring, wasting a LOT of real estate on the screen!

    2 votes
    Collecting Feedback  ·  0 comments
  8. Server Compact 3.5 SP2 support ended in April 2018. It needs to be replaced/upgraded.

    Server Compact 3.5 SP2 support ended in April 2018. It needs to be replaced/upgraded.

    1 vote
    0 comments
  9. Add JSON syslog parsing support

    As more and more security appliances (especially Linux-based) are using JSON format for their syslog, EventsManager should have out-of-the-box support for parsing this format.

    1 vote
    0 comments
  10. Add IP reputation data feeds

    Competing systems like SolarWinds LEM implemented IP reputation feeds a long time ago. GFI should also incorporate IP reputation data in its product, preferably from different sources.

    1 vote
    0 comments
  11. Add a visual syslog parsing schema editor

    Add a visual syslog parsing schema creator like in several other SIEM systems. Creating syslog parsing schemas is a real pain in the butt at the moment. GFI should create a utility that allows visual creation of syslog parsing schemas from an existing log file, like, for example, in a tool available to ArcSight users. See here: https://community.softwaregrp.com/t5/ArcSight-User-Discussions/HOW-TO-New-Syslog-FlexConnector-step-1/td-p/1588786

    1 vote
    0 comments
  12. GFI Eventsmanager merge databases

    GFI EVT could create different databases when DB rotation is enabled but is unable to merge those DBs, so include that feature.

    Regards

    1 vote
    0 comments
  13. Name and change event sources

    Once an event source is created it does not appear to allow editing if the source IP/Hostname changes.

    The ability to set a separate hostname or friendly name in addition to IP/Hostname would make reports more useful. We have lots of switches and routers that are referenced only by IP, which makes making sense of reports difficult.

    1 vote
    0 comments
  14. Correlation

    Provide correlation/use cases for meaningful security events, e.g.
    a) Brute force attacks rather than logon success or failure only
    b) SQL injection
    c) DDoS
    d) Worm outbreak

    1 vote
    0 comments
  15. SNMP real-time dashboard

    Provide real-time dashboard for SNMP devices monitoring. e.g. system up/down, fan status, interfaces status, CPU utilization, memory utilization and so on

    1 vote
    0 comments
  16. Aggregation

    Aggregate events instead of filtering them. It helps to consolidate events of the same type into one without rejecting them.

    1 vote
    0 comments
  17. Enable more complex RegEx methods by adding support for matches method

    Currently RegEx uses the "match" method (https://msdn.microsoft.com/en-us/library/system.text.regularexpressions.regex.match(v=vs.110).aspx), which requires the whole string to be separated from beginning to the end.

    By enabling the "matches" method (https://msdn.microsoft.com/en-us/library/system.text.regularexpressions.regex.matches(v=vs.110).aspx), more powerful RegEx patterns can be built to support variable syslog messages.

    Examples can be provided.

    1 vote
    0 comments
  18. "Run File" feature transfer event information to the execute file

    When event trigger ESM classified to critical or high event class, there is a "Run file" feature.
    According to GFI support (GFI-170602-489017), this feature cannot transfer event info to the executable file or batch file.

    I think it is good to transfer event info and then I can do something myself.

    1 vote
    0 comments
  19. Hierarchical Event Source Groups

    In our environment, it would be very beneficial to create "Event Sources Groups" inside other "Event Sources Groups" all while keeping "Inherit from Parent" as an available option across ALL configuration items in that sub-group.

    This is the reason behind this request. I manage multiple domains. The default groups you have in place are nice, but I end up tweaking credentials for servers in our different domains to use the correct login information.

    What I wanted to do was something like:

    domain1 - Set the default properties for the group here, i.e. Login Information, Active Monitoring Alerts, etc.
    - domain1\Domain…

    1 vote
    0 comments
  20. Reporting: Columns in Layout tab based on event ID in General tab

    When preparing custom reports or adjusting the available ones, GFI EM2k13 should have the ability for users to have it much easier to prepare effective custom reports much quicker.

    As described here http://manuals.gfi.com/en/esm2013administrator/content/ACM/Topics/Reporting/Creating_custom_reports.htm if one criteria in General tab is e.g. Event ID = 4624, then when we want to check for IP (or other columns), under the Layout tab the selection criteria should be narrowed down only to columns which event ID 4624 provides.
    https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4624#examples

    Right now, selecting from existing columns is an ugly mess because event IDs have various names for the same columns.
    E.g. EID 4624 has: source…

    1 vote
    0 comments