What does the Event Viewer do?
The Event Viewer collects data from sensors and security tools through syslog. This provides the security analytics our threat hunters use to find and stop attacks, and to verify that your security tools are actually detecting the threats they are meant to catch across the enterprise.
This replaces the need for Security Information and Event Management (SIEM) and log aggregation tools for medium-sized organizations, and helps with compliance and with building reports.
Frequently Asked Questions
Does it replace my SIEM?
Yes; we provide retention of logs, dashboards and reports as well as aggregate data for alerts to replace legacy SIEM functionality.
What log sources are supported?
The service focuses on security data such as firewalls and web filters. Our sensors already capture everything about your endpoints and servers.
How long is data kept?
IntelliGO Event Viewer allows you to store data for as long as required. We provide virtual machines that allow customers to add as much storage capacity as they require.
What makes it different to a SIEM?
Our team uses our tool to automate collection and analysis through our threat hunts, so it acts like a managed SIEM. We also collect all OS data from sensors, so there is no need to onboard applications, databases and other logs to get security information: we are already collecting it.
Are analysts looking at the dashboard 24 hours a day?
Threat hunters use data once a day to find and classify threats. If there are rules which send notifications or take action automatically, a response is triggered. If an incident requires attention off hours, our team can be available around the clock to work through issues as required.