InTrust

Event log management software. Your organization’s most valuable asset is its data and the users who have access to it — but you’re only as secure as your user workstations. Collecting, storing and analyzing all user and privileged account data generally requires large amounts of storage, time-consuming collection of event data and in-house expertise about the event log data collected. That’s where we come in.

Quest InTrust is smart, scalable event log management software that lets you monitor all user workstation and administrator activity from logons to logoffs and everything in between. Slash storage costs with 20:1 data compression, and store years of event logs from Windows, UNIX/Linux servers, databases, applications and network devices. InTrust real-time log monitoring and alerting enables you to immediately respond to threats with automated responses to suspicious activity.

20:1 data compression

60K events per second

60% storage cost savings

Central log collection

Collect and store all native or third-party workstation logs from various systems, devices and applications in one, searchable location with immediate availability for security and compliance reporting. Get a unified view of Windows event logs, UNIX/Linux, IIS and web application logs, PowerShell audit trails, endpoint protection systems, proxies and firewalls, virtualization platforms, network devices, custom text logs, as well as Quest Change Auditor events.

Event log compression

Collect and store years of data in a highly compressed repository (20:1 with indexing, 40:1 without), so you can cut storage costs by up to 60%, satisfy data retention policies and ensure continuous compliance with HIPAA, SOX, PCI, FISMA and more.

Simplified log analysis

Consolidate cryptic event logs from disparate sources into a simple, normalized format of who, what, when, where, where from and whom to help you make sense of the data. Unique, full-text indexing makes long-term event data easily searchable for fast reporting, troubleshooting and security investigation.

Alerting and response actions

Watch for unauthorized or suspicious user activity, such as file creation beyond threshold limits, using file extensions of known ransomware attacks, suspicious process launches or fishy PowerShell commands. Respond to threats immediately with real-time alerts. InTrust enables you to easily trigger automated responses to suspicious events, like blocking the activity, disabling the offending user, reversing the change and/or enabling emergency auditing.

SIEM integration

InTrust delivers easy and reliable integration with Splunk, QRadar, ArcSight and any other SIEM supporting common Syslog formats (RFC 5424, JSON, Snare). With InTrust’s predictable per-user license model, you can collect and store as much data as you need for as long as you want. Then use pre-built filters based on industry best practices to forward only relevant log data and alerts to your SIEM solution for real-time security analytics. This integration enables you to slash your annual SIEM licensing costs.

Additional features

User workstation log monitoring

Protect your workstations from modern cyberattacks, such as pass-the-hash, phishing or ransomware, by monitoring user and administrator activity — from logons to logoffs and everything in between. Collect and store all essential details of user access, such as who performed the action, what that action entailed, on which server it happened and from which workstation it originated.

Hyper scalability

One InTrust server can process up to 60,000 events per second with 10,000 agents or more writing event logs simultaneously, giving you more efficiency, scalability and substantial hardware cost savings. And for large enterprise organizations that need more volume, you can simply add another InTrust server and divide the workload — scalability is virtually limitless.

Improved insights with IT Security Search

Leverage the valuable insights from all of your Quest security and compliance solutions in one place. With IT Security Search, you can correlate data from InTrust, Change Auditor, Enterprise Reporter, Recovery Manager for AD, and Active Roles in a responsive, Google-like IT search engine for faster security incident response and forensic analysis. Easily analyze user entitlements and activity, event trends, suspicious patterns and more with rich visualizations and event timelines.

Automated best practice reporting

Easily convert investigations into multiple report formats, including HTML, XML, PDF, CSV and TXT, as well as Microsoft Word, Visio and Excel. Schedule reports and automate distribution across teams or choose from a vast library of predefined best practice reports with built-in event log expertise. With data import and consolidation workflows, you can even automatically forward a subset of data to SQL Server for further advanced analysis.

Tamper-proof logs

Protect event log data from tampering or destruction by creating a cached location on each remote server where logs can be duplicated as they are created.

Abu Dhabi Ports

With InTrust and Change Auditor, we have confidence that all changes and other actions are properly audited and tracked, and all the data is automatically consolidated and stored in an encrypted repository.

Zaid Al-Ali, Infrastructure & Service Delivery Manager, Abu Dhabi Ports

Fortune 500 Automotive & Transport Company

I believe the product offers invaluable security reporting and alerting capabilities. While other products do similar things, I feel that InTrust is positioned to enable a quick implementation that delivers immediate value in the audit and compliance arena.

Senior IT Manager, Fortune 500 Automotive & Transport Company

Federal Government

We are using Quest InTrust for management of event logs in an environment where auditing is turned up way too high. We are looking at Splunk for analytics and are in the process of setting up ingestion of the InTrust repository contents.

Engineer, Federal Government

    Tour

    Real-time log collection

    Automate real-time gathering of event logs from a single console with our event log management software. 

    Pre-defined searches

    Use pre-defined searches to zero in on critical event data with our log monitoring tool.

    SIEM event forwarding

    Use best practice filters to selectively forward only relevant data to your SIEM to reduce costs, minimize event noise and improve threat hunting efficiency and effectiveness.

    Unix/Linux log management

    Collect, store and search events from Unix and Linux syslog with our event log management software.

    Syslog parsing

    Syslog data differs drastically between applications. With InTrust, you can detect structured data inside syslog events and parse this data correctly.

    Interactive user sessions

    Monitor user session activity — from logons to logoffs and everything in between.

    Password spray alerts

    Pre-defined alerts watch for suspicious user activity with our event log management software.

    PowerShell monitoring

    Automated response actions can minimize the impact of modern PowerShell-based attacks such as pass-the-hash with our event log management software.

    Dynamic operators

    Send email notifications to specific users and their managers with our log monitoring tools.

    Export built-in reports

    Export built-in reports for troubleshooting and review.

    IT Security Search

    Find everything associated with a user or object using simple search terms. View results in a simple format of who, what, when, where, whom and workstation.

    Specifications

    The components installed by default are InTrust Deployment Manager, InTrust Server and InTrust Repository Viewer. If you customize the selection to install individual components, see the requirements for the components you need in the InTrust System Requirements document supplied in the product download. If you use the default selection, the combined requirements are as follows:

    Architecture
    • x64
    Operating System
    • Microsoft Windows Server 2022
    • Microsoft Windows Server 2019
    • Microsoft Windows Server 2016
    CPU

    Min. 4 cores (for example, for evaluation purposes).

    For any real-world uses, at least 8 cores are recommended.

    Memory

    Min. 4GB (for example, for evaluation purposes).

    For any real-world uses, at least 8GB are recommended.*

    Additional Software and Services
    • Microsoft .NET Framework 4.8 or later with all the latest updates
    • Microsoft SQL Server Native Client 11.0.6538.0 or later (version 11.0.6538.0 redistributable package of the client is included in the InTrust distribution)
    Important: Install the required version of the client in advance, and only then install InTrust.
    In a virtualized environment

    If you deploy InTrust on a virtual machine, make sure the CPU and memory requirements above are met, and do not overload the virtual machine host.

    For the configuration database:
    • Microsoft SQL Server 2022
    • Microsoft SQL Server 2019
    • Microsoft SQL Server 2017
    • Microsoft SQL Server 2016
    • Azure SQL Managed Instance

    Blogs

    Top 3 logs to spot and stop COVID-19 workstation attacks for your remote workforce 

    Gain insights into the essential logs to monitor in order to detect and prevent attacks, especially in a remote work environment.

    Brian Hymer

    Rising RDP attacks as an avenue for ransomware; and mitigation strategies 

    Learn about RDP attacks: the connection between Remote Desktop Protocol (RDP) and ransomware attacks, and how you can limit your exposure.

    Jennifer LuPiba

    Remote Workforce Productivity: Give Managers the Tools to Help Overwhelmed Users Manage Their Workload 

    Discover how IT admins can give managers the tools they need to help overwhelmed users manage their workload in the growing remote workforce.

    Jennifer LuPiba

    New in Quest InTrust - Suspicious process creation detection 

    In recently released Update 1 for InTrust 11.4.1 there is a hidden gem – Suspicious process was started rule, it allows detection of hidden steps that ransomware and malware would do to achieve persistence, hide their tracks and disable protect...

    Sergey.Goncharenko

    Want to see if someone is attempting a known CVE in your infrastructure? Just collect logs 

    Something really cool about honeypots and deception technology, in general, is that you can see a hacker or a penetration tester in action with very little false positive notifications. Deception also can help with detecting yet unknown threats that

    Sergey.Goncharenko

    New in Quest InTrust - Real-Time alert notification in the Event Log 

    Quest InTrust is a very powerful log management framework which also contains a lot of possible ways to notify about triggered alerts: Email alerts, SCOM connector

    Sergey.Goncharenko
