Secnology SECagent

SECagent actively captures event data from systems that cannot send it, which ensures that real-time analysis is complete and comprehensive.  This is an important issue for most organizations because not all systems and devices on the network are able to send their event data to either a central or a distributed repository on their own.  While some systems and devices can send events to a predetermined location on the network, there are many which cannot fulfill this requirement. This can create an important hole in comprehensive network infrastructure and security management system.  To assess fully the state of the network for the systems and devices deployed all event data must be available and fully analyzed. SECagent fills this gap and is able to get event data from sources that are unable to send them. It will fetch, watch, pull, and send this data to SECcollect on the fly.  SECagent is able to watch file systems, Windows events, data files, folders, registry keys and Active Directory events. This product ensures that all events, whatever the platform, are available for a comprehensive network infrastructure and security management real-time analysis as well as for retrospective analysis. SECagent can:

• Manage and control file and folder integrity
• Manage user rights and access privileges on files and folders
• Audit in real-time user activity on targeted files and folders
• Audit in real-time access and changes to Active Directory

With SECagent Find

• All the systems to which a specific user is connected
• The users who connected to a specific system in a certain time frame
• All the changes that occurred to group members in Active Directory
• The changes in users accounts
• All read access to a file or group of files on a critical server