Superna Eyeglass® Easy Auditor Feature list

Release 2.5.8 Key Features

Easy Auditor Release 2.5.6  build 20158

  1. Logon and logoff events are now available in the query builder, with support for date range searches (the built-in report is deprecated)

  2. Where Did my folder go? Major updates

    1. Now tracks file and folder deletes and renames automatically after upgrade

    2. Scalability enhancement to support time range searches within a day

    3. Optimized for folder or file searches

    4. Search results limit enhancement defaults to 5000 results with CLI command to increase this limit

    5. Copy to clipboard scalability and speed improvement tested up to 5000 results

    6. Visual display of the number of events returned by the search

    7. Time selector added to begin a search from a specific day and time

Easy Auditor Key Features Previous Releases:

  1. Quick Scan Path Search - New architecture to accelerate results for path searching when no user is specified.  The user search is already indexed in a way to easily find all events by a user. The new search index will offer the same search speed for a path search. (patch release coming soon)

  2. AI Analytics of user behavior - Analysis of the Auditor database can determine the optimal Ransomware Defender settings to best protect data and avoid false positives. (patch release coming soon) 

  3. WireTap provides filtering, folder browsing and event filtering. Complete update with advanced filtering options and a full-screen UI. Real-time IO monitoring of users, paths, folder trees, or a single folder. Allows debugging of performance issues.

  4. Real-time Syslog Forwarding - Allows the ECA cluster to forward formatted syslog messages to third parties (for example, SIEM tools), with event filtering for user, path and event type using regex filters

  5. Where did my folder go?  It will now track directory deletes in a fast cache lookup, and copy and paste results to Excel

    1. Tracking of file deletes, time ranges, and moves and deletes of folders makes day-to-day operations easy with a simple UI.

    2. Help Desk read-only role moves the task of locating data to the front-line help desk.

  6. HDFS protocol auditing - Supported now with current release

  7. Builtin reports have been enhanced for performance and provide partial results while they execute

  8. Optimized active audit triggers offer more performance at higher event rates for real-time DLP and Mass Delete triggers

  9. Active Auditor - Realtime Audit Triggers - Automate security, "No MORE Report Reading"

  10. If this happens AND/OR that happens, send an alert. Triggers do not use the database and process event data with stream-based analytics.

  11. Predictive Analytics - Each custom trigger created evaluates event data over 1 minute intervals and every 5 minutes a prediction computation runs to provide more accuracy to your security policies getting triggered.

  12. Combine path, user and event types into a customized real-time audit policy that continuously monitors events and fires a trigger when the condition is met.

  13. Geofencing by user or path - Network Aware Security - Real-time triggers can use the source IP of hosts or even entire subnets. This allows a whole new security layer that can alert when access to storage is from authorized subnets or detect remote access from VPN or Wi-Fi guest networks

  14. Combined with user, path, file action, file name and more options, powerful Geofence policies can be created to secure your data with network-aware policies.

  15. This allows an event to be sent via email, or syslog forwarding to a SIEM to be configured.

  16. HIPAA - Compliance Reports

    1. 164.308(a)(5)(ii)(C) - Log in Monitoring built-in report

      1. User data access based on authentication audit messages allows compliance with HIPAA requirements to report on users that access data based on authentication records

  17. Easy Auditor Active Auditing Inline Analytics 

    1. Mass Delete file policy - Monitors paths for X files deleted in Y minutes, with an alarm and SnapshotIQ snapshots on paths that trigger mass delete policies. Analysis runs on the ECA cluster as events are processed. Per-user policy.

    2. Data Loss Prevention Policy - Monitors a path for X% of data read over Y minutes per user and triggers an alert of a possible data leak or bulk copy of secure data. Analysis runs on the ECA cluster as events are processed.

    3. Custom triggers - the only real-time audit product for Isilon with user, path, folder, network aware triggers 

  18. Scheduled Searches will send info alarm with name of the search in the email subject.

  19. Builtin Reports

    1. Employee Exit Report - quick easy search for HR when an employee leaves the company

  20. Auditing Features

    1. Support for NFS file access User ID and source client IP address in reports that made the file change or access

    2. NFS UID mapped to AD, NFS local user friendly name resolution in reports

    3. Auto-save reports to an NFS mount, with an igls command to change the location of saves and remount to Isilon for centralized report storage

    4. New ECA Alarm detection for audit event ingestion issues

    5. New ECA Alarm for failure to write to Analytics Database

    6. New ingest IGS CLI select a date range of gz Isilon archived audit events.  

      1. Ingest missing data

      2. Ingest data on disk before Easy Auditor installation

      3. Avoids and detects duplicate events during ingestion process

    7. Load Balance processes on 6 node ECA clusters

    8. Historical search logs UI archives all query logs to the Isilon over HDFS with UI to download or navigate logs

    9. Support for 1 Million events in CSV reports

    10. Support for continuous results feature

      1. Allows retrieval of partial report data while it is running, 50 000 events at a time. Cancel a report search if the data required is already returned

    11. Support for NFS User ID in reports for NFS audit events plus source IP of the NFS client in reports

    12. Update to WireTap to support new internal event streaming architecture

  21. Beta Features in this release

    1. Robot Audit

      1. This feature performs continuous auditing by creating user events as an SMB-connected user. The events are created, ingested and stored in the database. The Robot audit process runs reports and counts file and directory events and logs success or failure. This offers the highest level of confidence that audit data is being processed and stored. The audit lag is the time from when an event is created to when the data is searchable.

General:

  1. Alarm emails are now basic HTML with no images included. The subject of the email includes the application name and the user name if relevant to the alarm.

  2. Alarm codes are now visible in the UI

  3. Email subject includes the name of the application that created the alarm, for alarm filtering

  4. igls command to change the severity of any alarm type. For example, sync jobs can generate a lot of alarms, which are sent as critical; the igls command can change this alarm code to major or warning on a per-alarm-code basis. This allows customers to lower the severity of alarms without changing the global alarm severity filter settings.
