Keep Auditors Happy and Satisfy Compliance Requirements
Archiving & Storage
ELM utilizes Microsoft SQL Server databases to store event, log, and performance data efficiently and securely for both reporting and archiving purposes. Our advanced controls allow you to automate your data management policies while maintaining peak performance.
The Primary Database stores the most recent event log entries complete with normalized event message details.
The Failover Database prevents loss of monitoring and alerting functions when the Primary is under maintenance or is offline.
The Archive Databases (optional) store long-term event log data for compliance and security policy support.
Data Normalization
In addition to its availability and scalability, Microsoft SQL Server utilizes a star schema architecture, reducing storage requirements by up to 50%. This normalization process stores the often verbose descriptive text of an event only once. Then, each time that event is received, only the unique event parameters are inserted into the database. Most Windows security events are pre-loaded into the databases.
Microsoft SQL Server also supports data partitioning to quickly and reliably migrate large time-concentric data sets between databases, a powerful tool for archiving event logs.
If ELM is being utilized more strictly for monitoring and alerting purposes, rather than archiving, the optional SQL Express databases included with each ELM install package will support most applications.
Reports and Schedules
Data Profile Reports Include
- Data Profile – Partitions
- Data Profile – SQL Server
- Data Profile – Various
Event Summary Reports Include
- Events by Computer
- Events by Source
- Events by Type
Standard Reports for Installed Applications
- Application Inventory by Computer
- Application Inventory by Product Name
- Application Inventory by Publisher
Standard Reports for Installed Operating Systems
- Operating Systems by Computer
- Operating Systems by Product
- Operating Systems by Version
Standard Security Reports Include
- Computer Account Change
- Computer Account Management
- Group Account Management
- Group Policy – Critical
- User Account Change
- User Account Management
Standard Security Logon Activity Reports Include
- Activity by Server
- Activity by User
- Activity by Workstation
- Audit Failures
- Terminal Services Activity
Standard Security Object Access Reports Include
- Object Access Detail
- Object Access Summary
- Object Access Type
Standard Security Privilege Use Reports Include
- Privilege Use by Date
- Privilege Use by Server
- Privilege Use by User
ELM Enterprise Manager comes with dozens of pre-defined reports to give you detailed visibility of your systems’ health and status.
These reports are designed to help analyze network activity and meet various security and compliance requirements. Reports can be viewed as either a graphical display or tabular data, and can be scheduled to run at regular intervals.
Custom reports can also be created from any Event View. These could be events received from a select category of devices and based on unique include and exclude filters.
Reports can focus on mission critical servers exclusively, and schedules can be defined or published to automatically report on these metrics at regular intervals.
All reports are also fully customizable with logos and other identifying information for your company or for the customers to whom you provide services.