About InTrust
For most enterprises, collecting, storing, and analyzing data from all users and privileged accounts requires significant storage space, substantial time to gather event data, and expertise. This is exactly the challenge that Quest InTrust is designed to solve.
With Quest® InTrust®, you can monitor all user workstations and administrator activities, including everything from login to logout and every action in between. By leveraging 20:1 data compression, it significantly reduces storage costs while retaining event logs from Windows, UNIX/Linux servers, databases, applications, and network devices for years. InTrust’s real-time alerting feature automatically responds to suspicious activities, enabling you to quickly address potential threats.
Product features
Centralized Log Collection
Gather and store all local or third-party workstation logs from various systems, devices, and applications in a platform with search capabilities. This platform provides real-time security and compliance reports.
InTrust offers a unified view of Windows Event Logs, UNIX/Linux logs, IIS and web application logs, PowerShell audit trails, endpoint protection systems, agents and firewalls, virtualization platforms, network devices, custom text logs, and Quest Change Auditor events.
User Workstation Log Monitoring
Monitor user workstations and administrator activities, tracking everything from login to logout and all actions in between. This ensures protection against modern cyberattacks, such as phishing and ransomware.
Collect and store detailed information about user access, including who performed what actions, when they occurred, on which server, and from which workstation source.
Simplified Event Log Analysis
InTrust consolidates encrypted event logs from distributed sources into a standardized format, including key details such as users, content, time, and location. This helps you better understand log data, especially when dealing with diverse system logs from various applications.
With InTrust®, you can analyze structured data within system event logs and accurately parse the information. Its unique full-text indexing feature enables effortless searches of historical log data, facilitating quick reporting, troubleshooting, and security investigations.
Scalable Intelligent Event Log Compression
Collect vast amounts of data and store it in a highly compressed repository (indexed data at a 20:1 compression ratio, non-indexed data at a 40:1 compression ratio), effectively reducing storage costs by up to 60%. This ensures compliance with data retention policies and regulatory standards such as HIPAA, SOX, PCI, and FISMA.
An InTrust server can process up to 60,000 events per second and supports simultaneous log writing from 10,000 agents, enabling greater efficiency, scalability, and significant hardware cost savings. For large enterprises requiring additional capacity, simply add another InTrust server to distribute the workload—scalability is virtually unlimited.
Real-Time Alerts and Response Actions
InTrust monitors unauthorized or suspicious user activities, such as creating files exceeding threshold limits, using file extensions associated with known ransomware attacks, or executing suspicious PowerShell commands. Threats are addressed immediately through real-time alerts.
InTrust enables automated responses to suspicious events, such as blocking activities, disabling non-compliant users, revoking changes, and/or initiating emergency audits with ease.
Log Tamper Protection
InTrust enables the creation of a cache space on remote hosts to store copies of event logs as they are generated, safeguarding them from tampering or deletion.
Seamless SIEM Integration
InTrust supports reliable integration with Splunk, QRadar, ArcSight, and other SIEM solutions that support common syslog formats (RFC 5424, JSON, Snare), significantly reducing your annual SIEM licensing costs.
By collecting and storing event log data long-term, InTrust filters the data according to industry standards and forwards relevant logs to existing SIEM solutions for real-time security analysis.
Enhance Insights with IT Security Search
Centralize the management of all Quest security and compliance solutions to gain deeper insights. With IT Security Search, you can correlate data from InTrust, Change Auditor, Enterprise Reporter, Recovery Manager for AD, and Active Roles in a Google-like IT search engine, enabling faster security incident response and forensic analysis.
Leverage rich visualizations and event timelines to easily analyze user permissions and activities, event trends, suspicious patterns, and more.
Automated Best Practice Reporting
Effortlessly convert results into various report formats, including HTML, XML, PDF, CSV, TXT, and Microsoft Word, Visio, or Excel. Schedule reports to be automatically delivered to departments, or choose from a library of built-in event log reports.
With data import and integration workflows, subsets of data can be automatically forwarded to SQL Server for more advanced analysis.
Product Advantages
- Reduce storage costs and ensure compliance with highly compressed and indexed log repositories.
- Easily search activities of all endpoint users and privileged accounts through a single platform.
- Enable fast reporting, troubleshooting, and security incident investigations.
- Gain insights into your data with normalized local event logs.
- Seamlessly integrate with your existing SIEM solutions.
- Respond to threats instantly with real-time alerts and automated responses.
- Protect event logs from tampering or destruction by creating secure copies.