NetAuditor® Event Manager
NetAuditor expands network security event management (SEM) strategies beyond basic end-point protection by accelerating the detection and automated response that leading firewall manufacturers omit in their border security offerings. NetAuditor includes automatic end-user identity association; geographic location identification by region, country, and service provider; Internet content categorization; real-time monitoring; and network event triggers.
NetAuditor provides a dashboard component for a fast and convenient way to search through all of your processed event data. You can select any date that you have processed data for and then start searching for traffic of interest. If you choose "today", the dashboard listings will auto-refresh as new data is processed for the current day.
The dashboard provides a number of options for quickly finding data you are interested in:
- Filtering options include device, date, and group membership using LDAP, IPv4, IPv6, Host, and User Name.
- Options exist to enable viewing per dashboard by volume and accesses. Additionally, each dashboard has interactive search fields with expression-based syntax to quickly find data.
For more comprehensive information NetAuditor provides on-demand and automated reporting. Perhaps you found something in the dashboard you need more detailed information on. Perhaps you need more comprehensive summary/bandwidth reports, reports on firewall security alerts, traffic trends over time, or you want a PDF automatically generated every night/week/month for you to review. NetAuditor reporting provides several views to assist in managing reports and provides secured access.
Configuring reports enables an end-user to run, save, or schedule a new report. It will show you a list of all available report templates, which will be grouped by report categories. Properties exist for distributing via Email and FTP, and export formats include PDF, XLS, and HTML.
The most critical properties when configuring a report are the date range you want to run it for and whether you want to run it immediately, save the currently selected options so you can reuse them later, or schedule it to run automatically.
Distribution options allow you to choose the report's file format (PDF, Excel, RTF, CSV, TXT, or HTML) and where to deliver it. All completed reports will automatically be stored in an archive, which equates to the manager's "Completed Reports" list. However, completed reports can also be delivered automatically via email, FTP, etc. NetAuditor's delivery mechanism allows custom scripts to be written to provide custom delivery methods.
Additional formatting options allow you to easily tailor the report output to your audience.
Filters are important to consider when configuring a report. If you have multiple devices and you only want to see data logged by one of them, specifying a filter on that device will make the report run faster and will make the resulting report smaller. When running detail reports, you could end up with a report that is too large to open. It could easily be on the order of millions of pages.
NetAuditor includes trend-based monitoring and notification to provide real-time awareness of traffic patterns. Where the dashboard allows you to perform "Top N" searches of your processed data, the monitors allow you to tell the NetAuditor processing engine to watch for something specific as data is processed in real time. You can check the monitor component at any time and instantly see all monitored traffic for the past 24 hours (down to 1-minute increments). You can set up alerts or event triggers to have the processing engine alert you immediately if the monitored traffic exceeds certain thresholds.
User groups are important in NetAuditor for a number of reasons. In addition to providing a cleaner way to group/filter/search your users when viewing your network traffic, they are also the primary means of providing access control to your manager accounts. For example, if you want a sales manager to be able to log into NetAuditor and set up reports and/or monitors on his sales team (without letting him see traffic generated by other departments), you need to set up a user group for his team and then provide him with a manager account that only has access to that user group.
Groups can be defined by different types of membership rules:
- IPv4 and IPv6
- User and Host
Tracking Historical Changes
NetAuditor provides basic support for tracking historical changes in group membership rules. LDAP membership rules are special in that they automatically keep track of historical moves/adds/changes for individual users. Tracking historical changes is critical when staff enter and depart from the organization or as roles and responsibilities change. This makes reporting and the dashboard historically accurate regardless of how many times a person has changed departments or as a user walks from zone to zone in a Wi-Fi network.