Vladimir
Champion

Is there an active development for SmartEvent Policy features?

I cannot fail to see that most of the features in SmartEvent Policy are quite dated. Most of the items in the policy are dated as far back as 2006 and 2010, the only two exceptions being Mobile Access (2013) and Firewall Session (2014).

Integration with 3rd parties is quite limited in scope, given how many newer notable entrants to the field are out there.

I do not really have a customer case to drive this, but it is a shame to have a baked-in automation capabilities platform that was neglected from the start.

Having modern integration option with MS Events and Defender Enterprise would be nice.

If anyone else thinks it is a good idea, please mash the "Kudos"; even if it will not get many, it would, at the very least, show the degree of interest or the lack of it.

3 Replies
PhoneBoy
Admin

Keep in mind SmartEvent is not a general purpose SIEM.
We did offer some integrations in past versions, some of which are still present.
We haven't added more recent ones, though I suppose the infrastructure to do so is there.
Most of our efforts have been in making the data available in better ways for other SIEMs (thus Log Exporter).

0 Kudos
Vladimir
Champion

I know about the past integrations, but to me, when you are showcasing the capabilities of SmartEvent and are using some of the automation options, and clients see "Last Updated in 2006", you can feel the temperature drop. I think that CP can do better by either removing the dates and replacing them with versions in there, or actually reviving it a bit to update the capabilities and coverage.

0 Kudos
Vladimir
Champion

As an example, there is still, at least in the R80.40 SmartEvent documentation package, a section on importing Windows Events. It is referring to the WinEventToCPLog_983000013_1.tgz, last updated in 2014. Its implementation requires manual mapping of Windows events fields to those of SmartLog, for each user that would want to implement it.

What is beyond me is why it is required on the user side, vs. being pre-compiled before distribution. It is not likely that those field maps would vary from one customer to the other.

Also, and I would not want to try it now, I recall trying it before and observing that the installer of the WinEventToCPLog had a distinct circa Windows 2000 look and feel to it. So again, if the tool is referenced in the current documentation, a bit of upkeep may be a good thing :)
