EventSentry

The company our IT department is working for, is a small to mid size company (~550 users).
Our team consists of two system engineers, which makes it challenging to always keep track of changes and events on our Windows servers.

We invested some time in searching for a suitable SIEM product for Microsoft Windows eventlog consolidation and event notification.
After we found other solutions to be either overkill/pushy or overpriced, we decided to evaluate EventSentry.

The installation was straight forward and intuitive.
It came with several pre-configured Windows event log packages to filter out unrelevant event log noise and to give you a quick clue about how the system works:

Define...
..which event log / source to monitor
..the IDs you are interested in
..actions to take if the event occurs

Besides this important process of constantly monitoring the Windows event logs of all our Windows servers we soon found out that theres more for us:
- Monitor changes to important system files and directories
- Monitor MS Active Directory
- Monitor software installation and changes
- Consolidate custom log files like for Microsoft Exchange
- and so much more

To be honest, it took some time and testing until we had EventSentry configured to track all the relevant edges of our infrastructure.
But during that time it was always a pleasure to work with the not-buggy and intuitive GUI.

Also, we learned to love the Webinterface (WebReports) which displays all kind of status information and lets us search and filter through all the event logs and software products we use.

After 2-3 months EventSentry totally became a part of our daily work life, running stable and reliable.
This product is a valuable addition for our security roadmap, as it gives us the possibility to verify its effectiveness and automate counter measures.

And theres still a lot to discover and utilize (we currently only monitor Microsoft Windows systems).

Notable is also the customer support and documentation. Communication was always easy and directly.
A bug I reported was quickly fixed and even a feature request I sent in has been implemented within a very short time.

The documentation is comprehensive and useful.

Trialing the software was easy and seamlessly without notable impact on our servers, so you should defenetly give this a try!

EventSentry is used here to collate event logs, spot errors and trends in our network and security issues that need to be re-mediated. we've found it to be very useful in root cause analysis and troubleshooting network issues. the support staff are amazing and cannot be recommended enough!

I utilized this apparatus for right around 2 years now. Its extraordinary for both, for the lethargic sysadmin that need to do a few ticks and have a screen devices working and for the one (like me) that need to screen nearly everything even things that are not typical or out of any standard rundown. Extraordinary device for little/medium ar very huge windows and promotion organizations.

Installing is very easy indeed from scratch, deploying the monitor to our endpoints again was done in a few clicks, select your computer group ( linked to AD) click deploy agent and go and thats it !

as with every system it takes a bit of getting used to how to exclude or include log filters and filter the notifications ( which were very easy to setup - outgoing smtp) down to alerting you to only important things

playing with the settings and netsentry's help area and videos has got me doing things like detecting large amounts of file changes on a file server as possible ransomware and cutting the file shares

i'm actually looking forward to seeing what else i can automate

First days of you I felt a little lost, then I use the help center and the videos that the company has and start working with it perfectly. They have an AWESOME customer care. They will reply your questions at their forum real quick.