What is Windows Event Search?
Once collected, detailed events of a Microsoft Windows Operating System (OS) can be automatically analyzed in the ServicePilot web interface.
Windows Event Search monitoring
This package performs a variety of pre-built searches in order to automatically analyze data across every host forwarding Windows Events to ServicePilot.
Different types of searches are performed:
- Active Directory Critical Events: Monitors and triggers an alarm if any AD critical event occurs (1102, 4618, ...)
- User Login Failure Events: Monitors and alerts when users fail to log in (along with failed login reasons)
- Domain Controller Kerberos Authentication Events: Monitor Domain Controller and Kerberos critical events (failed Kerberos, DC logon, low encryption...)
- Password Change events: Monitors and matches user accounts for which password has changed
- and more...
Please note that for some searches, it also depends on the severity level or other filters on specific events that you established before forwarding events to ServicePilot.