By default, EventSentry is not affected by the Heartbleed unless SSL is enabled on the built-in PostgreSQL database.
See below for a list of all EventSentry components:
Web Reports
The EventSentry Web Reports utilize Tomcat, which uses JSSE and not OpenSSL by default. If Tomcat was reconfigured to use OpenSSL instead of JSSE, then the web reports will be vulnerable (assuming that SSL was enabled).
PostgreSQL Database
If SSL is enabled in the PostgreSQL database, SSL traffic can be compromised and EventSentry should be updated to the latest version (v3.0.1.78 or higher). For maximum security, the certificate used with PostgreSQL should be re-generated.
Certificates
If a certificate used in the EventSentry Web Reports was also used in a vulnerable OpenSSL application (e.g. PostgreSQL, Apache, ...), then the certificates should be re-generated even though the Web Reports themselves are not vulnerable.