Supercharger Free

Stop wrestling with Event Viewer. Supercharger Free provides

  • At a glance, single pane of glass view of entire Windows Event Collection (WEC) environment
  • Pre-built security filters with noise suppression based on Randy Franklin Smith's ultimatewindowssecurity.com
  • Wizard-based create/update/delete/view of subscriptions
  • Step-by-step guidance for new WEC implementations


Single Pane of Glass

Supercharger's manager/agent architecture installs in minutes and displays your global WEC environment on a single pane of glass. Check the status of event forwarding from your browser or even your phone.

Centrally Manage Subscriptions

Create/edit/delete subscriptions with a click.

Filter the Noise with Help from UltimateWindowsSecurity.com

Pre-built managed filters leverage our deep knowledge of the Windows Security Log. Point and click to create XPath queries that collect the events you want while leaving the noise behind.

New to Windows Event Collection?

Step-by-step guidance for new WEC implementations

  • Implement native Windows Event Collection fast and easily
  • Monitor more endpoints while reducing load on your SIEM
  • Eliminate the burden of installing and updating agents
  • Avoid the push back from server admins who resist agents
  • Efficiently collect every event log on your network
    • Without the noise
    • Without the agents
    • Without the polling
  • Manage very large WEC environments - 100,000+ endpoints, multiple domains
  • Instant visibility
    • Who's sending events and who isn't? Why?
    • Where are the problems?
    • What is the performance?
  • Detect new programs as soon as they execute anywhere on your network
  • Reduce licensing costs for volume-based log management technologies
  • Catch intrusions earlier in the attack
  • Meet compliance requirements
  • Improve endpoint security

Supercharger Enterprise

Supercharger Enterprise builds on top of Free Edition features:

Supercharger Enterprise expands on this foundation, providing comprehensive enterprise management of your global Windows Event Collection environment.


Collector Health

Supercharger monitors every aspect of collector health, alerting you to any issue affecting event log collection via a color-coded dashboard, events sent to your SIEM and, optionally, email. Supercharger detects if and when WEC becomes overloaded and begins to drop events, which could result in lost audit trails or allow intrusions to go undetected.

Subscription Health

Supercharger monitors the status of every source computer for every subscription in your environment. Supercharger queries Active Directory for the membership of each group assigned to a subscription and compares these computer accounts to the source computers reported by WEC. After filtering out nonexistent, dormant or disabled accounts, Supercharger shows you which endpoints are sending events and which ones are missing. If the percentage of healthy forwarders falls below your specified threshold, the subscription goes red and you are alerted.
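The comparison described above, sketched as an added example (not Supercharger's own code): it parses text shaped like `wecutil gr` output, drops disabled and dormant accounts and any source with no matching account, and flags the subscription red below a threshold. The output layout, host names, 30-day dormancy window and 75% threshold are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed, abbreviated sample shaped like `wecutil gr <subscription>` output (layout assumed).
WECUTIL_GR = """\
Subscription: Example-Sub
    RunTimeStatus: Active
    EventSources:
        WS01.example.test
            RunTimeStatus: Active
            LastHeartbeatTime: 2024-05-01T11:50:00.000
        ws02.example.test
            RunTimeStatus: Inactive
            LastHeartbeatTime: 2024-04-02T08:00:00.000
        OLD99.example.test
            RunTimeStatus: Active
            LastHeartbeatTime: 2024-05-01T11:55:00.000
"""
# Constructed stand-in for the computer accounts in the subscription's AD group.
AD_MEMBERS = [
    {"host": "ws01.example.test", "enabled": True, "last_logon": datetime(2024, 4, 30)},
    {"host": "ws02.example.test", "enabled": True, "last_logon": datetime(2024, 4, 29)},
    {"host": "ws03.example.test", "enabled": True, "last_logon": datetime(2024, 4, 28)},
    {"host": "ws04.example.test", "enabled": False, "last_logon": datetime(2024, 4, 30)},
    {"host": "ws05.example.test", "enabled": True, "last_logon": datetime(2023, 1, 1)},
]

def parse_sources(text):
    """Return {hostname: RunTimeStatus} for each source listed under EventSources."""
    sources, host, in_sources = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "EventSources:":
            in_sources = True
        elif in_sources and line and ":" not in line:   # a bare line is a source host name
            host = line.lower()
            sources[host] = "Unknown"
        elif host and line.startswith("RunTimeStatus:"):
            sources[host] = line.split(":", 1)[1].strip()
    return sources

def subscription_health(text, members, now, dormant_days=30, min_pct=75):
    """Compare expected forwarders (enabled, non-dormant accounts) with WEC-reported sources."""
    sources = parse_sources(text)
    cutoff = now - timedelta(days=dormant_days)
    expected = {m["host"].lower() for m in members
                if m["enabled"] and m["last_logon"] >= cutoff}
    healthy = {h for h in expected if sources.get(h) == "Active"}
    pct = 100.0 * len(healthy) / len(expected) if expected else 100.0
    return {"healthy": sorted(healthy), "missing": sorted(expected - healthy),
            "percent": round(pct, 1), "red": pct < min_pct}
```

Sources that WEC reports but that have no account in the group (OLD99 in the sample) are ignored rather than counted as healthy, so stale entries cannot inflate the percentage.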

Boost Throughput and Stability

Out of the box, a Windows Server is not optimized for dedicated Windows Event Collection, and above only 2,500 events per second (EPS) we start to see stability issues and dropped events.

Supercharger can automatically optimize WSMan settings, event logging buffers, the TCP/IP stack and HTTP.SYS settings to increase EPS by multiple factors while almost eliminating WEC instability issues and dropped events, which can compromise intrusion detection, compliance and audit controls. In our tests we are able to sustain 30,000 events per second.

Load Balancing

What if you have tens of thousands of workstations or hundreds of servers that simply produce more events than one Collector can keep up with?

Supercharger Enterprise can automatically distribute and balance this load across multiple controllers with Load Balanced Subscriptions.

Managed Event Log Filters

One of the most powerful features of Windows Event Collection is its ability to define advanced filters that define exactly which events you want to forward – and those that are just “noise” and should be left behind. But building these filters requires specialized knowledge of XML query syntax and of the event logs you are collecting.

Supercharger helps you build powerful filters whether or not you know XML query syntax, and we provide special help for the Security Log thanks to our relationship with UltimateWindowsSecurity.com. Managed filters are where you find these capabilities. Once you build your filter you can assign it to multiple subscriptions without duplicating it.

Custom Event Logs

To simplify downstream configuration and for optimal performance, you should maintain a one-to-one mapping between log types and destination logs on collectors. This requires the creation of additional custom event logs, which is a technical and laborious process. Supercharger provides one-click custom log creation.

Purge Old WEC Sources

Event source records build up indefinitely in the registry, which in high-turnover environments becomes substantial. WEC never deletes old sources. Supercharger can purge old event sources after a user-defined interval.

Policy Based Management

Collector Policies enforce centralized configuration control and can automatically optimize collectors for throughput and dependability. Subscription Policies ensure subscriptions are configured consistently across your entire environment and allow you to manage similar subscriptions the same way without duplicating settings.

Security

Role based access control using Active Directory.

Performance Monitoring

Spot unusual activity levels. Supercharger surfaces key performance counters to the dashboard with visualizations that plot current activity against 7-day peak and average.

  • CPU
  • Disk free space
  • Events Per Second for each destination log
  • Events Lost for each destination log

Capacity Planning

Analyze hourly performance stats to predict when additional collectors will be needed. (coming soon)

Supercharger’s Manager/Agent architecture is built around WEC subscriptions and the Windows servers (aka Collectors) that host them. Other Supercharger objects include Collector Policies, Subscription Policies and Managed Filters.

The above environment shows 9 subscriptions across 3 collectors in 2 domains. Supercharger manages all of these from a single dashboard. You'll also notice 3 other types of objects in Supercharger:

  • Collector Policies allow you to define values for the many different configuration settings WEC provides at the server level. You can assign a given Collector Policy to multiple Collectors and be sure they are all configured consistently. There is a Default Collector Policy which comes with Supercharger out of the box. You can define additional Collector Policies that
  • Subscription Policies are like Collector Policies but at the Subscription level. Both Supercharger and WEC have a number of settings on Subscriptions that determine how the subscription works in WEC and how Supercharger handles it as well. You can configure these settings as a Subscription Policy and assign that policy to each subscription across your environment that needs to be configured the same way.
  • Managed Filters: One of the most powerful features of Windows Event Collection is its ability to define advanced filters that define exactly which events you want to forward – and those that are just “noise” and should be left behind. But building these filters requires specialized knowledge of XML query syntax and of the event logs you are collecting. Supercharger helps you build powerful filters whether or not you know XML query syntax, and we provide special help for the Security Log thanks to our relationship with UltimateWindowsSecurity.com. Managed filters are where you find these capabilities. Once you build your filter you can assign it to multiple subscriptions without duplicating it.

Supercharger's Manager/Agent architecture allows you to install and manage your entire Windows Event Collection environment within minutes. One Supercharger Manager can handle many Windows Event Collectors. Then add the Supercharger Agent to each collector. Voilà!

  • Manager - Windows Server 2012 R2 or later
  • Collector - Windows Server 2008 R2 SP1 or later

Installing Supercharger

Physical Architecture
