Security monitoring
with the LOGON package


ServicePilot security-logon


What is Windows Event Security Logon?

Windows Logon is when an entity is involved in Authentication or Impersonation event on Microsoft Windows (either Windows Client or Windows Server) This event is generated when a Windows Logon session is created. It is generated on the Hostname that was accessed.

Windows Event Security Logon monitoring

This package is built to monitor Windows Events Security Logons collecting Event IDs 4624 (logins), 4625 (failed logins) and 4634 (logouts).

This package automatically configures the ServicePilot Agent to collect statistics from the Windows Servers on which the ServicePilot Agent has been configured.

Individual Windows Events Security Logon are kept for analysis and monitoring metrics are also gathered including:

  • Total Events
  • Public IPs count
  • Private IPs count
  • Remote Interactive Logon
  • Cached Interactive Logon
  • New Credentials Logon
  • Network Logon
Security monitoring LOGON 0

Security monitoring LOGON 1

Security monitoring and logon in a few minutes

1Use your OnPremise installation or create a SaaS account.
2Install an Enterprise Agent or use an existing one.
3Define a new resource logon via the web interface, the target agent will be provisioned automatically.

Other Log Management integrations

aruba clearpassbadwordsbarracuda spam firewallblue coat packetshapercheckpoint firewallcisco firepowercisco firewallcisco secure web appliancecisco syslogf5 firepassfortigate firewallfortiwebinfoblox applianceironportjuniper firewallmcafee web gatewaymicrosoft defenderossecpalo alto firewallpulse securesnortsonicwall firewallstormshield snssuricatawazuhwindows event searchwindows sysmonfile analysissyslog receivertrap device filtertrap receiverwindows eventwindows scheduled tasks

Log Management solutions

Log Management and Analytics

Log Management and Analytics

IT security monitoring

IT security monitoring

Security IP Camera monitoring

Security IP Camera monitoring