What's New
For a full list see the feature list page here.
Easy Auditor Enhancements:
Quick Scan Path Search - New architecture to accelerate results for path searching when no user is specified. The user search is already indexed in a way to easily find all events by a user. The new search index will offer the same search speed for a path search. (patch release coming soon)
AI Analytics of user behavior - Analysis of the Auditor database can determine the optimal Ransomware Defender settings to best protect data and avoid false positives. (patch release coming soon)
WireTap now provides filtering, folder browsing and event filtering, in a complete update with advanced filtering options and a full-screen UI. Real-time IO monitoring of users, paths, folder trees, or a single folder helps when debugging performance issues.
Real-time Syslog Forwarding - Allows the ECA cluster to forward formatted syslog messages to third-party tools such as SIEMs, with event filtering by user, path and event type using regex filters.
Where did my folder go? It now tracks directory deletes using a fast cache lookup, and results can be copied and pasted into Excel.
HDFS protocol auditing - Supported now with current release
Builtin reports have been enhanced for performance and provide partial results while they execute
Optimized active audit triggers give the real-time DLP and mass-delete triggers better performance at higher event rates.
Active Auditor - Realtime Audit Triggers - Automate security, "No MORE Report Reading"
If this happens AND/OR that happens, send an alert. Triggers do not use the database; they process event data with stream-based analytics.
Predictive Analytics - Each custom trigger evaluates event data over 1-minute intervals, and every 5 minutes a prediction computation runs to improve the accuracy with which your security policies are triggered.
Combine path, user and event types into a customized real-time audit policy that continuously monitors events and fires a trigger when the condition is met.
Geofencing by user or path - Network Aware Security - Real-time triggers can use the source IP of hosts or even entire subnets. This adds a whole new security layer that can alert when access to storage is from authorized subnets, or detect remote access from VPN or Wi-Fi guest networks.
Combined with user, path, file action, file name and other options, powerful geofence policies can be created to secure your data with network-aware policies.
A triggered event can be sent via email, or syslog forwarding can be configured to send it to a SIEM.
The only customizable real-time audit solution with no lag auditing for PowerScale.
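To make the real-time policy model above concrete, here is an added example of a stream-style geofence trigger: each incoming audit event is checked against a policy combining user, path, event type and authorized subnets, and a match is rendered as an RFC 5424 syslog line for a SIEM. This is illustrative code written for this page, not Superna's Active Auditor or Easy Auditor code; the event field names, policy fields, hostname and the sample events are all assumptions or constructed data.

```python
"""Added example: a stream-style geofence audit trigger (not the product's own code)."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class GeofencePolicy:
    """One real-time audit policy: fires when every configured condition matches."""
    name: str
    user_pattern: str = ".*"                # regex on the user name (assumed event field)
    path_pattern: str = ".*"                # regex searched against the file path
    event_types: frozenset = frozenset()    # empty set means any event type
    authorized_subnets: tuple = ()          # CIDRs considered "inside"; alert when outside

    def matches(self, event: dict) -> bool:
        if self.event_types and event["event_type"] not in self.event_types:
            return False
        if not re.fullmatch(self.user_pattern, event["user"]):
            return False
        if not re.search(self.path_pattern, event["path"]):
            return False
        client = ipaddress.ip_address(event["client_ip"])
        inside = any(client in ipaddress.ip_network(cidr) for cidr in self.authorized_subnets)
        # Geofence condition: the access came from outside every authorized subnet.
        return not inside


def evaluate_stream(policies, events):
    """Apply every policy to each event as it arrives; no database lookup is needed."""
    alerts = []
    for event in events:
        for policy in policies:
            if policy.matches(event):
                alerts.append({"policy": policy.name, **event})
    return alerts


def to_syslog(alert: dict, hostname: str = "eca-node1") -> str:
    """Render an alert as an RFC 5424 line (facility 13 = log audit, severity 4 = warning)."""
    pri = 13 * 8 + 4  # PRI = facility * 8 + severity
    ts = alert["time"].strftime("%Y-%m-%dT%H:%M:%SZ")
    sd = (f'[audit policy="{alert["policy"]}" user="{alert["user"]}" '
          f'event="{alert["event_type"]}" path="{alert["path"]}" ip="{alert["client_ip"]}"]')
    return f"<{pri}>1 {ts} {hostname} easyauditor - - {sd} geofence violation"


# Constructed sample policies: finance data may only be modified from the office LAN,
# and any write/delete from outside the corporate 10/8 range is reported.
POLICIES = (
    GeofencePolicy("finance-office-only", path_pattern=r"^/ifs/finance/",
                   event_types=frozenset({"delete", "rename"}),
                   authorized_subnets=("10.10.0.0/16", "10.20.5.0/24")),
    GeofencePolicy("write-outside-corp", event_types=frozenset({"write", "delete"}),
                   authorized_subnets=("10.0.0.0/8",)),
)

# Constructed sample audit events (not real data).
T0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
EVENTS = [
    {"time": T0, "user": "alice", "event_type": "delete",
     "path": "/ifs/finance/q1.xlsx", "client_ip": "10.10.4.7"},       # inside both fences
    {"time": T0, "user": "bob", "event_type": "delete",
     "path": "/ifs/finance/q1.xlsx", "client_ip": "192.168.50.9"},    # outside both fences
    {"time": T0, "user": "bob", "event_type": "delete",
     "path": "/ifs/home/bob/notes.txt", "client_ip": "192.168.50.9"}, # only second policy
    {"time": T0, "user": "svc_backup", "event_type": "read",
     "path": "/ifs/finance/x.bin", "client_ip": "172.16.0.4"},        # read: no policy applies
]


def run_example():
    """Evaluate the constructed stream and return the alerts and their syslog lines."""
    alerts = evaluate_stream(POLICIES, EVENTS)
    return alerts, [to_syslog(a) for a in alerts]


if __name__ == "__main__":
    for line in run_example()[1]:
        print(line)
```

The policy objects are immutable and stateless, so the same evaluator can be applied to events as they stream in without consulting the audit database, which is the property the section emphasizes; the syslog renderer is where a regex filter on user or path would normally be applied before forwarding.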
S3 Object data access reporting with Easy Auditor for Onefs 9.x releases.
Supports reporting on data access made to the cluster over the S3 protocol.
Supported Features
Reporting based on query builder
Wiretap
Where did my Folder go? delete of folders, file only
Ransomware Defender Enhancements:
No HDFS needed! We have redesigned Ransomware Defender so it no longer needs HDFS. It is easier to install, with fewer dependencies.
New "flag as false positive" GUI to view users that have been flagged and to reset a user to the factory default detection settings.
New file-list UI for whitelisting files on the dynamic extension list.
SIEM Integration - audit data real-time syslog forwarding
Security Enhancements:
IGLS CLI command to automate changing the Eyeglass service account password and restarting the process for the change to take effect. Customers with many clusters and a regular password-change policy can now automate this task.
Cluster Storage Monitor:
Large AD direct collection over LDAP supports connecting directly to AD to collect users and groups. Supports collection of 1 million or more objects in under 2 minutes.
This new collection method is shared by all products that need this information; for example, Ransomware Defender and Cluster Storage Monitor both need user-to-SID resolution and user-to-group information.
Eyeglass Cluster Agent:
New distributed model allows remote sites to be managed by Mini-ECA, a single VM that collects audit data and forwards it centrally for processing, analysis, storage and searching. This is designed for customers that have distributed clusters and want centralized security and ransomware defense for all clusters.
New model can support PowerScaleSD clusters used at edge locations and offer centralized services.
- New in 2.9.0
Clicking View on the Report tab opens a new window with all the events in that report.
The Auditor Report View shows fields such as User, Event Type, Time, Cluster, Path, Client IP, New Name and Status of the operation. Some fields will be empty depending on the Event Type of the record.
The downloaded CSV file contains the same fields as the search and filter view.
- New in 2.5.3
- Auto Save Report to an NFS mount: an igls command changes the save location and remounts to PowerScale for centralized report storage
- Streamed Result Reporting - Long running queries will now return data for every 50,000 records and the CSV file will allow partial download of results while the query continues to execute.
- Reports now support 1,000,000 records for CSV download
- Active Auditor - real-time policy based auditing
- Mass Delete detection
- Data Loss Prevention detection
- Actions- alarm, lockout, snapshot
- What's Happening now? A new way to audit based on stream processing technology that builds an indexed in-memory view of active paths with IO, visible in a new file system audit viewer before the events are written to the database.
- Avoids searching for audit events within the last 48 hours. Auto-refreshed based on the current event stream
- Allows filtering based on time or event type
- New ECA Alarm detection for audit event ingestion issues
- New ECA Alarm for failure to write to Analytics Database
- New ingest IGS CLI: select a date range of gzipped PowerScale archived audit events to ingest.
- Ingest missing data
- Ingest data on disk before Easy Auditor installation
- Avoids and detects duplicate events during ingestion process
- Load Balance processes on 6 node ECA clusters
- Historical search logs UI archives all query logs to the PowerScale over HDFS with UI to download or navigate logs
- Support for 1 Million events in CSV reports
- Support for the continuous results feature, which allows retrieval of partial report data while the report is running, 50,000 events at a time. A report search can be cancelled once the required data has been returned
- Support for NFS User ID in reports for NFS audit events plus source IP of the NFS client in reports
- New Builtin reports
- HIPAA Report and Security Report for logins, logoffs and failed logins by AD user. Each time a user authenticates to PowerScale or is logged off a NetBIOS session, an audit record is saved for the new built-in report
- Employee Exit Report - captures all user activity for 30 days for sending to HR as a record upon an employee leaving your company
- HA Ingestion with TurboAudit
- If an ECA node goes down, TurboAudit moves ingestion log processing to another ECA node. When the ECA node comes back online, TurboAudit rebalances the workload between ECA nodes.
- Checkpointing: the log position is written into the cluster controller, allowing another ECA node to resume processing at the same place in the log file that was last processed
- Load balancing of node audit ingestion between ECA nodes, with dynamic load balancing of audit log files between ECA nodes.
- RobotAudit - This feature performs continuous auditing by creating user events as an SMB-connected user. The events are created, ingested and stored in the database. The RobotAudit process then runs reports, counts file and directory events, and logs success or failure. This offers the highest level of confidence that audit data is being processed and stored. The audit lag is the time from when an event is created to when the data is searchable.
- Existing Release
- Quick searching for audit events with filtering and data range
- Running reports with csv and summary HTML reporting with download and email
- Scheduled reporting of searches to find specific audit events
- Wiretap real-time event monitoring by user or path
- Where did my folder go search interface for directory renames
- Scalable storage with HDFS and HBase: billions of audit records stored in a compressed, searchable format
- Native PowerScale storage for the Analytics database, protected by SnapshotIQ and SyncIQ, lowers the cost of storing and protecting audit data
- Real-time event processing with automatic triggered responses
- Integrated with Eyeglass DR and Ransomware Defender into unified single pane of glass
- Role based management and login with centralized AD or PowerScale user account database