We are happy to present Evy, the EvLog Artificial Intelligence module! Once enabled, Evy will start to collect statistics about the events recorded on your computer. In other words, Evy learns from what EvLog analyzes on the computer and uses that to make some educated guesses, very much like humans do.
Evy is able to detect when "something happened", when things are not normal, and when improvements are necessary to make the reporting information more relevant. As is the case with any intelligent entity, Evy will get smarter as EvLog evolves and more sets of data are analyzed. In time, Evy will be able to detect patterns in the logs and do some of the thinking for the overworked system admins of the world!
Examples of "live" Evy comments:
The number of errors, warnings and failures is about the same as last week. If there are problems in the event log that keep recurring, you should look into them. If you determine that they can be ignored, then configure EvLog to discard them.
There are 12 types of events recorded. The typical number of types of events for this day of the week is 14.
Evy will collect data under the /history EvLog application folder. It needs at least a week's worth of analysis to build the basic history, so for the first 7 days of analyses it will say just that: there isn't sufficient information to provide any useful comment. As we update EvLog, Evy will be taught to provide more useful comments.
Once an analysis is performed, a sample of each event is available for training purposes. Open the Teach Evy interface and instruct Evy about the importance of each event. After a few events, Evy will be able to form an opinion about each event: whether it is important or whether it should be ignored. Once you trust Evy to make the right decision, you can set EvLog to report only the events that Evy considers important.
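The two sample comments above (distinct event types versus the typical count for that weekday, and error/warning/failure counts versus last week) and the one-week minimum history can be reproduced with a small baseline model. The following is an added illustration, not EvLog's or Evy's own code: it assumes events arrive as (date, event ID, level) tuples, uses the median of previous same-weekday values as "typical", treats a change of more than 25% up or 20% down as a week-over-week difference, and runs on a constructed three-week history.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta
from statistics import median

def daily_stats(events):
    types, problems = defaultdict(set), Counter()
    for day, event_id, level in events:
        types[day].add(event_id)
        problems[day] += level in {"Error", "Warning", "Failure Audit"}
    return {day: (len(ids), problems[day]) for day, ids in types.items()}  # day -> (types, problems)

def assess(events, today, min_history_days=7):
    """Compare today's log with the accumulated history, the way Evy's comments do."""
    stats = daily_stats(events)
    history = {d: s for d, s in stats.items() if d < today}
    same_weekday = [n for d, (n, _) in history.items() if d.weekday() == today.weekday()]
    if len(history) < min_history_days or today not in stats or not same_weekday:
        return {"verdict": "insufficient"}
    types_today, problems_today = stats[today]
    result = {"types": types_today, "typical_types": round(median(same_weekday)),
              "problems": problems_today, "problems_last_week": None, "verdict": "no_baseline"}
    last_week = history.get(today - timedelta(days=7))
    if last_week is not None:  # week-over-week comparison of problem events
        result["problems_last_week"] = last_week[1]
        ratio = problems_today / max(last_week[1], 1)
        result["verdict"] = "more" if ratio > 1.25 else "fewer" if ratio < 0.8 else "same"
    return result

def render(result):
    if result["verdict"] == "insufficient":
        return "There isn't sufficient information to provide any useful comment."
    text = (f"There are {result['types']} types of events recorded. The typical number of "
            f"types of events for this day of the week is {result['typical_types']}.")
    change = {"same": "about the same as", "more": "higher than", "fewer": "lower than"}
    if result["verdict"] in change:
        text += (f" The number of errors, warnings and failures ({result['problems']}) is "
                 f"{change[result['verdict']]} last week ({result['problems_last_week']}).")
    return text

def build_history(start=date(2019, 9, 2), days=21):
    """Constructed sample (not EvLog data): five routine event types daily, two more on Mondays."""
    routine = [(4624, "Information"), (7036, "Information"), (4672, "Information"),
               (1014, "Warning"), (10016, "Error")]
    monday_extra = [(8019, "Error"), (4625, "Failure Audit")]
    return [(day, eid, lvl) for day in (start + timedelta(days=d) for d in range(days))
            for eid, lvl in routine + (monday_extra if day.weekday() == 0 else [])]

TODAY = date(2019, 9, 23)  # the fourth Monday; two unseen 6008 errors appear today
TODAY_EVENTS = build_history(TODAY, 1) + [(TODAY, 6008, "Error")] * 2
```

Calling `render(assess(build_history() + TODAY_EVENTS, TODAY))` reports 8 event types against a typical 7 for a Monday and 6 problem events against last Monday's 4; with fewer than seven days of history it returns the "insufficient information" comment instead.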
Evy was born on Aug 6, 2013, so currently she is 6 years old.
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.