Introducing ADAudit Plus' Attack Surface Analyzer—Detect 25+ AD attacks and identify risky Azure configurations. Learn more×
Phone Get Quote
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

Windows Security Event Log Solutions from Manageengine ADAudit Plus

Real-Time Windows Security Event Log Monitoring

ADAudit Plus is an award winning, centralized logging architecture auditing solution which allows Microsoft Windows environment administrators to view, monitor, archive and get real-time alerts along with thorough audit reports of the Windows security log events. The security log contains records of security-related events specified by the system's audit policy. With ADAudit Plus administrators can detect and track attempted and successful unauthorized activity. Examples of security events include authentication events, audit events, unauthorized events and these events are stored in operating systems' security logs.

Get Your Free Trial

fully functional 30-day trial

Centrally, monitor and analyze the security event logs for changes in the Windows Active Directory & Servers; track suspicious user actions and ensure a quick root cause analysis in the event of a crime
Get the entire information in real-time on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts
Automated reporting and data archiving for IT Compliance- HIPAA requires 7 years of log data, PCI requires 5 years of log data... Security log data can be used for internal security reviews and log forensic analysis

Why the need for Windows Security Event Log Monitoring?

The need to adhere to security compliance's such as SOX, PCI-DSS, FISMA, GLBA, HIPAA, etc requires administrators to implement a secure process to protect against attempted or successful unauthorized access. Constant monitoring of the classified network information is critical to every business with or without having to comply to some standards. Windows security event logs is one of the sources using which the login attempts can be tracked and logged. A manual check on every Windows device is tedious and impossible and warrants automated auditing and monitoring of event logs on a regular basis.
Critical Windows Security event logs that need auditing
4768 / 4771 Account logon success / failure
4624 / 4625 Local logon success / failure
4647 User initiated logoff
4778 / 4779 Terminal service session reconnected / disconnected
5136 / 5137 AD object modification / creation / move
5139 / 5141 AD object moved / deleted
4670 Permission change with old & new attributes
4663 / 4659, 4660 File access / deletion

A few categories of security log events that can be logged are

The immeasurable number of loggable events mean analyzing the security event log can be a time-consuming task. If you wish to audit successes, audit failures, or not audit this type of event at all, you need to define the required advanced audit policy under local security settings, ensuring only the needed security logs for auditing are collected, guaranteeing the disk space does not fill fast with unwanted logs.

Here are the recommended security events to be set to audit, which are under the advanced audit policy settings: For Domain controllers | For Windows file servers | For Windows member servers | For Windows workstations

Listed below are the various advanced audit policy categories
Account Logon Document attempts to authenticate account data on a domain controller or on a local Security Accounts Manager (SAM).
Account Management Monitor changes to user and computer accounts and groups.
Detailed Tracking Monitor the activities of individual applications and users on that computer.
Directory Services Access View a detailed audit trail of attempts to access and modify objects in Active Directory Domain Services (AD DS).
Logon / Logoff Track attempts to log on to a computer interactively or over a network. These events are particularly useful for tracking user activity and identifying potential attacks on network resources.
Object Access Track attempts to access specific objects or types of objects on a network or computer.
Policy Change Track changes and attempts to change important security policies on a local system or network.
Privilege Use Track permissions granted on a network for users or computers to complete defined tasks.
System Monitor system-level changes to a computer that are not included in other categories and that have potential security implications.
Global Object Access Auditing Administrators can define computer system access control lists (SACLs) per object type for the file system or for the registry.

Try ADAudit Plus for free.

  • Please enter a business email id
    By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.


Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here

Other solutions offered by ADAudit Plus

Active directoryFile serverWindows serverWorkstation
Active Directory auditor

Get reports and alerts on changes to AD objects including users, groups, OUs, GPOs, and more instantly.

Account lockout tool

Detect and diagnose AD account lockouts faster by identifying their root cause.

Login monitoring

Monitor, track, and report on both successful and failed login attempts in real time.

Azure AD auditing

Monitor and track all Azure Active Directory sign-ins and events across cloud or hybrid environments.

GPO change auditing

Audit and report on what GPO setting was changed with before and after values—all in real time.

Privileged user monitoring

Monitor and report on critical actions made by administrators or privileged accounts and groups.



ADAudit Plus is available in 4 Editions

Starts at $0

  • Never expires
  • 25 Workstations free
  • Reports can be generated from event log data collected during evaluation / license period

Starts at $0

  • All features of Professional Edition for 30 days
  • You can Audit
    5 Domain Controllers
    2 File Servers
    1 NetApp Filer (or)
    1 EMC File Server
    10 Member Servers
    100 Workstations

Starts at $595

  • 200+ pre-configured audit reports
  • Real-time Active Directory auditing
  • Monitor AD User, Group, Computer, OU, GPO changes
  • Audit Workstations logon / logoff
  • File create, modify, delete, access, permissions
  • Track system events, scheduled tasks
  • Printer & USB audit
  • Email alerts & Scheduled reports
  • Compliance specific reports
  • Data archiving

Starts at $945

  • All features of Standard Edition +
  • Group Policy Objects settings audit
  • Old & new value of all attribute changes of AD Objects
  • Active Directory permission change audit
  • Account lockout analyzer
  • DNS Server, Schema, Contacts & Configuration Auditing
  • Support for MS SQL Server database

What our customers say

  • ADAudit Plus has helped us meet certain SOX and PCI compliance requirements. Liking the automated monthly reports for SOX, ease of use, implementation and very cost effective solution.
    Jeffrey O'Donnell
    Director of IT,
    Uncle Bob’s Self Storage
  • We finalized on ManageEngine ADAudit Plus, primarily for our SOX Audit reports and I think the tool, with its easy to comprehend output is very cool and the highly competitive pricing helped grab our attention.
    Andreas Ederer
    Cosma International
  • We are an emergency healthcare provider. We see the software as good risk avoidance with some good risk management practices and help us meet HIPAA compliance. We chose ADAudit Plus, which works 24/7/365 like us.
    JT Mason
    Director of IT
    California Transplant Donor Network (CTDN)
  • We evaluated different software; ADAudit Plus is extremely easy to deploy and a cost-effective solution that helped us pass several industry related security audits, in-depth PEN audit test and meet HIPAA security guidelines.
    Renee Davis
    Life Management Center
  • We are a not for profit organization and had to satisfy HIPAA requirements, we chose ADAudit Plus which helped us to see what changes were made and who made them in our AD.
    Manager of Network Operations
  • ADAudit Plus was the simplest and most relevant from the several products we trialed to monitor user logon failures, account cleaning, to keep a check on malicious activities and meet PCI-DSS compliance.
    Bernie Camus
    IT Manager

ADAudit Plus Trusted By