How to monitor WINDOWS EVENT SEARCH security


Monitor WINDOWS EVENT SEARCH


What is Windows Event Search?

Once collected, detailed events of a Microsoft Windows Operating System (OS) can be automatically analyzed in the ServicePilot web interface with the Windows Event Search package.

Windows Event Search monitoring

This package performs a variety of pre-built searches in order to automatically analyze data across every host forwarding Windows Events to ServicePilot.

Different types of searches are performed:

  • Active Directory Critical Events: Monitors and triggers an alarm if any AD critical event occurs (1102, 4618, ...)
  • User Login Failure Events: Monitors and alerts when users fail to log in (along with failed login reasons)
  • Domain Controller Kerberos Authentication Events: Monitor Domain Controller and Kerberos critical events (failed Kerberos, DC logon, low encryption...)
  • Password Change events: Monitors and matches user accounts for which password has changed
  • and more...

Please note that for some searches, it also depends on the severity level or other filters on specific events that you established before forwarding events to ServicePilot.

Installation

Before adding a resource to monitor, make certain that all pre-requisites are in place.

Follow the documentation to add a resource to ServicePilot.

Key field notes

  1. In the Policies tab, specify the policy or policies to apply to the resource

How to install a windows-event-search resource?

  1. Use your ServicePilot OnPremise installation or a SaaS account.
  2. Add a new windows-event-search resource via the web interface (/prmviews or /prmresources) or via API (/prmpackages page), the default ServicePilot agent or another agent will be provisioned automatically.

Details of the windows-event-search package are located in the /prmpackages page of the software.

Benefits

ServicePilot enables you to deliver IT services faster and more securely with automated discovery and advanced monitoring features.

By correlating the technology WINDOWS EVENT SEARCH with APM and infrastructure monitoring, ServicePilot is able to provide a more comprehensive view of an organization's IT environment.

This allows IT teams to quickly identify and diagnose issues that may be impacting application performance, and take corrective action before end-users are affected.

Start with a free trial of our SaaS solution. Explore ourplans or contact us to find what works best for you.

Free installation in a few clicks

Other Log Management integrations

aruba clearpassbadwordsbarracuda spam firewallblue coat packetshapercheckpoint firewallcisco firepowercisco firewallcisco secure web appliancecisco syslogf5 firepassfortigate firewallfortiwebinfoblox applianceironportjuniper firewalljuniper srx firewalllogonmcafee web gatewaymicrosoft defenderossecpalo alto firewallpulse securesnortsonicwall firewallstormshield snssuricatawazuhwindows sysmonfile analysissyslog receivertrap device filtertrap receiverwindows eventwindows scheduled tasks

Log Management solutions

Log Management and Analytics

Log Management and Analytics

IT security monitoring

IT security monitoring

Security IP Camera monitoring

Security IP Camera monitoring