Event log search capabilities are necessary to investigate unauthorized activity or security breaches across the enterprise.
There are many reasons why security personnel or administrators may want to dig into event logs. In some cases, they need to do so for security reasons; in others, for troubleshooting. Many compliance requirements also state that event logs must be reviewed periodically. The information within the event logs is vital in determining when, how, or what specific activity has occurred. Privileged-user abuse, escalation of permissions, or unauthorized access to private data by employees may need to be investigated quickly. Solid forensics capabilities are a hallmark of a good log management solution.
LogClarity® offers two powerful forensics search capabilities: Quick Search and Advanced Search. Both data mining techniques are valuable depending on the circumstance. Quick Search is a common approach to data mining event logs when users are not looking for any specific system problem or security infraction. Quick Search allows users to get an overview of event log data about any specific object (e.g. user, group, OU) without requiring the user to define a full-index search query. Advanced Search options enable users to be very specific and detail-oriented with their search criteria. Users can easily zero in on very specific events without having to match an exact event log pattern, as other solutions require.