Windows Server Auditing

Windows Servers

Windows Servers are the (file, print, web, application, and communication) workhorses of any Microsoft Server environment. Monitor every Windows Server change with various detailed reports: Summary Report, Process Tracking, Policy Changes, System Events, Object Management and Scheduled Tasks. The audit reports with a host of powerful attributes collectively display an in-depth analysis in to the 'event', helping you pinpoint the security breaches.

Windows Server audit | Scheduled tasks & processes | All audit reports

• Windows Server monitoring with a events summary report, track scheduled tasks and system events, track all processes and policy changes
• File Integrity Monitoring (FIM) of system, configuration, files and file attributes modifications
• In real-time, identify all the files printed over the Windows network
• List file details with time and date, user name, pages, copies, file size, printer name and Server details

Sample Reports

Summary Report, Process Tracking, Policy Changes, System Events, Object Management, Scheduled Task, Who started the Process

Local Logon-Logoff

Audit every user's successful logon to the local computer, logon failures, when exactly the user initiated logoff, in the case of Interactive and Remote Desktop logon. Ensure 'account management' of local users / local groups to thoroughly monitor the Windows Servers and know every change as it happens be it user logon, logon failure, user logoff, logon duration, logon history.... set e-mail alerts to be updated instantly on critical Servers changes.

Local User Logon / Logoff | Windows Server Auditing | All audit reports

• Monitor local users logon / logoff, scheduled tasks, policy changes and summary report
• View pre-configured reports and set email alerts on changes to monitored folders / files
• Meet Sarbanes-Oxley, GLBA, FISMA, PCI-DSS and HIPAA Compliance
• Archive AD event data for periodic analysis of IT security and for forensics

Sample Reports

Logon Duration, Logon Failures, Logon History, Terminal Services Activity, RADIUS Logon Failures(NPS), RADIUS Logon History(NPS)

Printer Auditing

Administrators can in real-time audit, monitor and view the printer usage, user based reports, recent jobs and printer based reports. Quickly assess the printer usage along with file details including time and date, name of user who printed, file name, number of pages, copies, file size, printer name and Server details along with instant email alerts. Meet security and SOX, HIPAA compliance needs with exportable reports in XLS, HTML, PDF and CSV formats for report submission during audits.

Printer Auditing | Windows Server auditing | All audit reports

• Identify all the files printed over the Windows network
• List file details with time and date, the name of the user who printed
• Keep a track of the number of pages, copies, file size, printer name and Server details
• Meet Sarbanes-Oxley and HIPAA Compliance requirements

Sample Reports

Recent Jobs, User Based Reports, Printer Usage, Printer Based Reports

File Integrity Monitoring

Monitor attempted / changes to configurations, files (Log, audit, text, exe, web, configuration, DB), file attributes (dll, exe and other system files). View change audit reports and get instant email alerts upon modifications to the monitored folders / files. Ensure Windows Servers security and meet Compliance requirements of: PCI DSS (Req. 10.5, 11.5), SOX (Sec 404), FISMA (NIST SP800-53 Rev3), HIPAA (NIST Publication 800-66).

File Integrity Monitoring | Windows Server auditing | All audit reports

• Audit the system, configuration, program files and folders modifications by Admin, Users, Helpdesk, HR etc.,
• Windows system files monitored for change : SysWOW64 | System32 | Program Files | DLLs | Drivers | Installed Programs
• Restricted data monitored for change: Personal Information | Financial Statements | Card Transaction Files
• The 20+ filter attributes in each reporting helps to easily pin point details in the change audit reports

Sample Reports

Files Modified, Files Deleted, Files Copy-N-Pasted, Folder Permission Changes, Folder Audit Setting Changes (SACL)

Compliance

SMBs or Large organizations have to comply with industry specific Compliance Act like SOX, HIPAA, GLBA, PCI-DSS, FISMA…. With our Compliance specific pre-configured reports and alerts, we ensure your network is under 24/7 audit with periodic security reports and email alerts as standard procedure.

A Few Compliance Specific Reports

SOX – Recent User Logon Activity, Logon Failures, Administrative User Actions, Domain Policy Changes, User Management, Logon History, Changes on Windows Server

HIPAA – All File or Folder Changes, Computer Management, OU Management, Logon Duration, Group Management, Terminal Services Activity

GLBA – Local Logon Failures, Folder Permission Changes, Folder Audit Setting Changes (SACL), Successful File Read Access, Domain Policy Changes

PCI-DSS – Logon history, Logon Failures, Successful File Read Access, Changes on Windows Server, Radius Logon History (NPS)

FISMA – Administrative User Actions, Failed Attempt to Delete File, Failed Attempt to Write File, All File or Folder Changes, Computer Management

All Windows Servers Reports

Shown here are the Windows Servers, File Integrity Monitoring and Printers audit reports to give you a view into the details displayed and the various filters you can apply to further pin-point information.

Instant on-screen alerts with emailing of alerts upon unauthorized network access / modification events. User, time and volume based threshold alerts help identify the problem precisely.

All Active Directory change audit reports | Compliance audit reports

• Automate periodic reporting with schedulable pre-configured audit reports
• Create custom reports and email alerts with ease in a few clicks
• SOX, HIPAA, FISMA, GLBA, PCI-DSS Compliance specific audit reports to help meet requirements
• Export audit reports in XLS, CSV, PDF and HTML formats