Security monitoring
with the WINDOWS-EVENT-SEARCH package

ServicePilot security-windows-event-search

What is Windows Event Search?

Once collected, detailed events of a Microsoft Windows Operating System (OS) can be automatically analyzed in the ServicePilot web interface with the Windows Event Search package.

Windows Event Search monitoring

This package performs a variety of pre-built searches in order to automatically analyze data across every host forwarding Windows Events to ServicePilot.

Different types of searches are performed:

  • Active Directory Critical Events: Monitors and triggers an alarm if any AD critical event occurs (1102, 4618, ...)
  • User Login Failure Events: Monitors and alerts when users fail to log in (along with failed login reasons)
  • Domain Controller Kerberos Authentication Events: Monitors Domain Controller and Kerberos critical events (failed Kerberos, DC logon, low encryption...)
  • Password Change events: Monitors and matches user accounts for which the password has changed
  • and more...

Please note that some searches also depend on the severity level or other filters that you applied to specific events before forwarding them to ServicePilot.
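
To make the search types listed above concrete, the following added example (not ServicePilot's own code or search definitions) classifies already-parsed Windows Security events into the same four categories. Only 1102 and 4618 come from this page; the other event IDs, the SubStatus codes, the field names and the sample records are assumptions taken from Microsoft's security auditing documentation or constructed for illustration.

```python
# IDs and codes follow Microsoft's auditing docs; the grouping is this example's assumption.
AD_CRITICAL = {1102: "audit log cleared", 4618: "monitored security event pattern occurred"}
PASSWORD_CHANGE = {4723: "password change attempted", 4724: "password reset attempted"}
LOGON_FAILURE_REASON = {  # 4625 SubStatus -> reason
    "0xc0000064": "unknown user name",
    "0xc000006a": "wrong password",
    "0xc0000072": "account disabled",
    "0xc0000234": "account locked out",
}
WEAK_KERBEROS_ETYPES = {0x1, 0x3, 0x17}  # DES-CBC-CRC, DES-CBC-MD5, RC4-HMAC

def classify(event):
    """Return (search_name, detail) for one event dict, or None if nothing matches."""
    eid = event["EventID"]
    if eid in AD_CRITICAL:
        return ("ad_critical", AD_CRITICAL[eid])
    if eid == 4625:  # failed logon: decode the reason
        code = event.get("SubStatus", "").lower()
        return ("login_failure", LOGON_FAILURE_REASON.get(code, f"other ({code or 'no SubStatus'})"))
    if eid == 4771:
        return ("kerberos", "pre-authentication failed")
    if eid in (4768, 4769):  # TGT / service ticket request: flag weak encryption only
        etype = int(event.get("TicketEncryptionType", "0x0"), 16)
        if etype in WEAK_KERBEROS_ETYPES:
            return ("kerberos", f"weak ticket encryption 0x{etype:x}")
    if eid in PASSWORD_CHANGE:
        return ("password_change", PASSWORD_CHANGE[eid])
    return None

def run_searches(events):
    """Group matching events per search as (computer, account, detail) tuples."""
    hits = {}
    for ev in events:
        result = classify(ev)
        if result:
            hits.setdefault(result[0], []).append(
                (ev.get("Computer", "-"), ev.get("TargetUserName", "-"), result[1]))
    return hits

SAMPLE_EVENTS = [  # constructed records, not real log data
    {"EventID": 1102, "Computer": "dc01.example.test"},
    {"EventID": 4625, "Computer": "ws07.example.test", "TargetUserName": "alice", "SubStatus": "0xC000006A"},
    {"EventID": 4769, "Computer": "dc01.example.test", "TargetUserName": "svc-sql", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "Computer": "dc01.example.test", "TargetUserName": "bob", "TicketEncryptionType": "0x12"},
    {"EventID": 4724, "Computer": "dc01.example.test", "TargetUserName": "carol"},
]

if __name__ == "__main__":
    print(run_searches(SAMPLE_EVENTS))
```

The AES-encrypted ticket request (0x12) produces no hit, which is why the Kerberos category holds a single entry for the sample data.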