rsa envision event explorer -...

Post on 06-Mar-2018


Visualize All the Data™

RSA enVision Event Explorer offers a dynamic, flexible window into your complex enterprise infrastructure. You are able to quickly analyze event data and create clear, targeted snapshots that reveal trends and usage patterns. Security vulnerabilities can be viewed in real time for up-to-date assessment of events and incidents. The Event Explorer offers a complete view of All the Data, and user-specific custom dashboards can be created for easy monitoring and advanced historical analyses. In addition, Event Explorer can pass search criteria to your existing security and network applications, allowing more detailed investigation. For example, enVision identifies a virus associated with a specific IP address and passes that address to your network management application for further investigation.

Transform Data into Actionable Intelligence

From Event Explorer you can monitor your computing environment in real time, identifying events such as user activity, login failures, or network connections. Initially, you may elect to use the included charts and tables for monitoring. As your needs expand, you can utilize either the easy-to-use standard editor or the ANSI-compliant SQL editor to customize your filtering, graphing, and reporting requirements. Event Explorer’s interface can be easily adapted to local character sets. Localization is done simply by translating the literals in the Event Explorer properties file from English to the local language.

Event Explorer includes the following categories of pre-defined graphs and queries out of the box:

– Firewall, including Top Firewall Interfaces, File Access through Firewall, and Login Failure Summary
– Database, such as Login Activity, Authorization Level and Authorization Level by User
– Intrusion detection, including Top Attack Signatures, Attack Type by Severity Level, and IDS Signature Summary
– Operations, such as Device Activity Analysis, Activity by Event Category, and Network over Time
– User, including Privilege Users Monitoring, Configuration Change Details and Activity by Specific Username

Real-time Analysis

Timely, Intelligent Response

RSA enVision Event Explorer displays multiple concurrent views of your enterprise. The powerful interactive query capability, with filtering, sorting, and aggregation, accesses enVision’s Logsmart IPDB database, giving you access to All the Data. Event Explorer’s advanced graphing capability, tabular data visualization, and ad hoc reporting turn raw data into consumable, actionable intelligence by device or across your computing environment. Event Explorer custom dashboards simplify monitoring and allow you to focus on what you need to know.

In addition, Event Explorer includes Task Triage for documenting and embedding incident details for investigation. Event Explorer evaluates, correlates, and prioritizes incidents based on pre-defined rules with regard to the type of device being attacked. The relevant context is preserved for thorough investigation and a message can be escalated to your enterprise incident management system, allowing you to comply with your corporate incident handling workflow process.

RSA enVision Event Explorer offers a view into security incidents and automates the investigation. Event Explorer can interactively query RSA enVision’s integrated vulnerability database. The vulnerability database is updated continuously with current known threats and attack signatures, ensuring access to the latest information needed to identify security vulnerabilities and their associated details.

At a Glance

— Quick and easy access to real-time compliance-sensitive and operational data
— Flexible dashboard interface customized to user preferences allowing the examination of a specific event or a holistic view of the systems within your enterprise
— Full forensic event playback to ensure comprehensive trend and historical analysis and reporting

RSA enVision™ Event Explorer

Interactive Log Analysis and Graphical Monitoring for Compliance and Security Management

RSA offers industry-leading solutions in identity assurance and access control, encryption and key management, compliance and security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

Licensing and Evaluation

One to five concurrent user licenses, depending on the appliance model, are included with the RSA enVision 60 Series. The client application requires a minimum of 1 GB of RAM, while 2 GB is highly recommended. RSA enVision 60 Series customers can purchase up to 15 additional Event Explorer concurrent user licenses per distributed site.

About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world’s leading organizations succeed by solving their most complex and sensitive challenges. RSA’s information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle — no matter where it moves, who accesses it or how it is used.

©2007 RSA Security Inc. All Rights Reserved. All the Data, RSA, RSA Security, enVision and the RSA logo are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. All other products and services mentioned are trademarks of their respective companies.

EVEX DS 0507

[Figure: Event Explorer’s Easy-to-graph Intrusion Detection Summary]

[Figure: An Enterprise View of Privileged Users]
