rsa envision event explorer -...
Post on 06-Mar-2018
Visualize All the Data™
RSA enVision Event Explorer offers a dynamic, flexible
window into your complex enterprise infrastructure. You are
able to quickly analyze event data and create clear, targeted
snapshots that reveal trends and usage patterns. Security
vulnerabilities can be viewed in real time for up-to-date
assessment of events and incidents. The Event Explorer
offers a complete view of All the Data and user-specific
custom dashboards can be created for easy monitoring and
advanced historical analyses. In addition, Event Explorer can
pass search criteria to your existing security and network
applications, allowing more detailed investigation. For
example, enVision identifies a virus associated with a
specific IP address and passes that address to your network
management application for further investigation.
Transform Data into Actionable Intelligence
From Event Explorer you can monitor your computing
environment in real time, identifying events such as user
activity, login failures, or network connections. Initially, you
may elect to use the included charts and tables for
monitoring. As your needs expand, you can utilize either the
easy-to-use standard editor or the ANSI-compliant SQL
editor to customize your filtering, graphing, and reporting
requirements. Event Explorer’s interface can be easily
adapted to local character sets. Localization is done by
translating the literals in the Event Explorer properties
file from English to the local language.
Event Explorer includes the following categories of pre-
defined graphs and queries out of the box:
– Firewall, including Top Firewall Interfaces, File Access
through Firewall, and Login Failure Summary
– Database, such as Login Activity, Authorization Level and
Authorization Level by User
– Intrusion detection, including Top Attack Signatures,
Attack Type by Severity Level, and IDS Signature
Summary
– Operations, such as Device Activity Analysis, Activity by
Event Category, and Network over Time
– User, including Privilege Users Monitoring, Configuration
Change Details and Activity by Specific Username
Real-time Analysis
Timely, Intelligent Response
RSA enVision Event Explorer displays multiple concurrent
views of your enterprise. The powerful interactive query
capability, with filtering, sorting, and aggregation, accesses
enVision’s Logsmart IPDB database, giving you access to All
the Data. Event Explorer’s advanced graphing capability,
tabular data visualization, and ad hoc reporting turn raw
data into consumable, actionable intelligence by device or
across your computing environment. Event Explorer custom
dashboards simplify monitoring and allow you to focus on
what you need to know.
In addition, Event Explorer includes Task Triage for
documenting and embedding incident details for
investigation. Event Explorer evaluates, correlates, and
prioritizes incidents based on pre-defined rules with regard
to the type of device being attacked. The relevant context is
preserved for thorough investigation and a message can
be escalated to your enterprise incident management
system, allowing you to comply with your corporate
incident handling workflow process.
At a Glance
— Quick and easy access to real-time compliance-sensitive
and operational data
— Flexible dashboard interface customized to user
preferences allowing the examination of a specific
event or a holistic view of the systems within your
enterprise
— Full forensic event playback to ensure comprehensive
trend and historical analysis and reporting
RSA enVision™ Event Explorer
Interactive Log Analysis and Graphical Monitoring for Compliance and Security Management
RSA offers industry-leading solutions in identity assurance
and access control, encryption and key management,
compliance and security information management and
fraud protection. These solutions bring trust to millions of
user identities, the transactions that they perform and the
data that is generated. For more information, please visit
www.RSA.com and www.EMC.com
RSA enVision Event Explorer offers a view into security
incidents and automates the investigation. Event Explorer
can interactively query RSA enVision’s integrated
vulnerability database. The vulnerability database is
updated continuously with current known threats and
attack signatures, ensuring access to the latest
information needed to identify security vulnerabilities
and their associated details.
Licensing and Evaluation
One to five concurrent user licenses, depending on the
appliance model, are included with the RSA enVision 60
Series. The client application requires a minimum of 1 GB of
RAM, while 2 GB is highly recommended. RSA enVision 60
Series customers can purchase up to 15 additional Event
Explorer concurrent user licenses per distributed site.
About RSA
RSA, The Security Division of EMC, is the premier provider of
security solutions for business acceleration, helping the
world’s leading organizations succeed by solving their most
complex and sensitive challenges. RSA’s information-centric
approach to security guards the integrity and confidentiality
of information throughout its lifecycle — no matter where it
moves, who accesses it or how it is used.
©2007 RSA Security Inc. All Rights Reserved. All the Data, RSA, RSA Security, enVision and the RSA logo are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. All other products and services mentioned are trademarks of their respective companies.
EVEX DS 0507
Figure: Event Explorer’s Easy-to-graph Intrusion Detection Summary (chart of event counts by attack category, such as Attacks.Access.Modification and Attacks.Denial of Service)
Figure: An Enterprise View of Privileged Users