Security Monitoring

windows event search security monitoring

What is Windows Event Search?

Once collected, detailed events of a Microsoft Windows Operating System (OS) can be automatically analyzed in the ServicePilot web interface with the Windows Event Search package.

Windows Event Search monitoring

This package performs a variety of pre-built searches in order to automatically analyze data across every host forwarding Windows Events to ServicePilot.

Different types of searches are performed:

  • Active Directory Critical Events: Monitors and triggers an alarm if any AD critical event occurs (1102, 4618, ...)
  • User Login Failure Events: Monitors and alerts when users fail to log in (along with failed login reasons)
  • Domain Controller Kerberos Authentication Events: Monitor Domain Controller and Kerberos critical events (failed Kerberos, DC logon, low encryption...)
  • Password Change events: Monitors and matches user accounts for which password has changed
  • and more...

Please note that for some searches, it also depends on the severity level or other filters on specific events that you established before forwarding events to ServicePilot.

How to install a windows-event-search resource?

  1. Use your ServicePilot OnPremise installation or a SaaS account.
  2. Add a new windows-event-search resource via the web interface (/prmviews or /prmresources) or via API (/prmpackages page), the default ServicePilot agent or another agent will be provisioned automatically.

Details of the windows-event-search package are located in the /prmpackages page of the software.


ServicePilot enables you to deliver IT services faster and more securely with automated discovery and advanced monitoring features.

By correlating the technology WINDOWS EVENT SEARCH with APM and infrastructure monitoring, ServicePilot is able to provide a more comprehensive view of an organization's IT environment.

This allows IT teams to quickly identify and diagnose issues that may be impacting application performance, and take corrective action before end-users are affected.

Start with a free trial of our SaaS solution. Explore our plans or contact us to find what works best for you.

Learn more

Free installation in
a few clicks

SaaS Plateform

Flexible deployment according to your needs (SaaS, hybrid, on-premise) to speed up supervision implementation.
  • No on-premise software setup, servicing and configuration complexity
  • Instant setup, complete and pre-configured to ensure robust monitoring

OnPremise Plateform

Flexible deployment according to your needs (SaaS, hybrid, on-premise) to speed up supervision implementation.
  • Contracts and commitments over time ( > 1 year)
  • Performance, Data Storage and Infrastructure Management
  • 2 additional solutions: VoIP and Mainframe monitoring