

Products > Infraskope Server 2012 > Features

PRODUCT FEATURES


System Architecture

Scalability

Allows scale-up and scale-out deployments

Storage

Microsoft SQL Server 2008+

Virtualization support

Microsoft Hyper-V and VMware ESX

Agent-to-Server communication

XML Web Services, port 80/443

Collector-to-Server communication

TCP 1801

Security

SSL 128 bit (optional)

Log collection methods

Agent and agentless (remote)

Log integrity

Row hash, X.509 certificate, optional qualified time stamp


Log Collection Features

Central rule definition

YES

Discard noise events at the source

YES (with agent)

Store-and-forward in case of network outage

YES

Normalization

YES

Tagging / Classification

YES

Correlation

YES

Agent / Collector health monitoring

YES

Alerting mechanisms

Visual, e-mail, SMS, application/script execution

Contextual parameters in alerts

YES

Active Directory integrated query

YES

Notify user and/or user’s manager

YES

Notify server administrator (AD-Managed By)

YES

 

Supported Log Sources

Microsoft Windows

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2008 / R2 (32 / 64 bit)

UNIX platform

HP-UX, Solaris, Red Hat Linux, CentOS, SUSE Linux, Oracle Enterprise Linux, Ubuntu and other major Linux distros.

Network Devices

All devices with Syslog and SNMP Support

Firewall / Proxy

Microsoft ISA / TMG Server, SQUID, DansGuardian, CheckPoint, Cisco PIX/FWSM/ASA, Juniper, Fortigate, WebSense, ...

E-mail servers

Exchange Server 2003 / 2007 / 2010, Lotus Domino, qmail, Sendmail and other UNIX-based messaging servers

Application servers

IIS 5.0, 6.0, 7.0 formats, Apache, Tomcat, JBoss and other text-based or syslog-based application servers

Database servers

Microsoft SQL Server, Oracle, IBM DB2, Sybase, etc.

IDS/IPS

ISS, Proventia, Snort, and others

 

Built-in Cursors (and alerts)

User and group management

Alert on user/group creation/deletion/change

Screen scraping

Alert on Print Screen or other screen-scraping application usage.

USB storage devices

Monitor USB storage usage

Application monitoring

Alert on predefined application usage such as crackers, sniffers, P2P, remote control apps, etc.

Network connections

Monitor and alert on secondary connections like GPRS, Bluetooth, wireless, etc.

Sniffers

Alert on usage of network sniffing software of any kind

Standalone computers (non-domain)

Detect and alert when a user logs on from a stand-alone computer (not joined to a domain)

Rogue DHCP servers

Alert on unauthorized DHCP servers.

ARP Spoofing

Monitor user computers and detect ARP spoofing attempts

Monitoring administrator activity

Monitor administrator activity such as administrators connecting to a user’s admin shares (C$, ADMIN$, etc.)

Privileged user logins

Alert on logons with power user or administrator privileges

TCP port monitoring

Monitor port usage including source and destination addresses, username, application name, …

Folder sharing

Alert on folder sharing operations

 

Inventory / Policy management

Hardware inventory

Detailed hardware inventory and change monitoring

Software inventory

Detailed software inventory, OS info, serial keys, etc.

Registry value monitoring

Monitor registry values against a predefined value and alert when the value differs

File/Folder [non]existence

Monitor file and folder existence (or absence)