    Reports for Windows environment


    EventLog Analyzer offers the following canned reports, grouped by category, for Windows events:


    Windows Event Reports

    • Windows Logon Reports
    • Policy Changes
    • Windows Logoff Reports
    • Windows Firewall Threats
    • Threat Detection
    • Application Whitelisting
    • Domain Events
    • Hyper-V Server Events
    • Windows Failed Logon Reports
    • Application Crashes
    • Threat Detection From Antivirus
    • Hyper-V VM Management
    • Trust Relationships Changes
    • GPO Changes
    • Computer Account Management
    • Registry Changes
    • File Monitoring
    • Infrastructure Reports
    • Windows Risk Reports
    • Removable Disk Auditing
    • Windows System Events
    • Group Management
    • Windows Severity Reports
    • Network Share
    • Windows Backup and Restore
    • Program Inventory
    • Windows Firewall Auditing
    • Process Tracking
    • OU Changes
    • AD DNS Server
    • Network Policy Server
    • Data Theft Detection
    • Domain Controller Logon Reports
    • DNS Server
    • User Account Management


    Windows Logon Reports

    • Interactive Logon
    • Remote Interactive Logon
    • Network Logon
    • Terminal Server Connected
    • Terminal Server Disconnected
    • Logons Overview
    • Privilege Assigned to New Logon
    • Logon Attempt Using explicit Credentials
    • Top logons based on user
    • Top logons based on hosts
    • Top logons based on remote hosts
    • Top logons based on domain
    • Logons Trend

    Policy Changes

    • User Rights Assigned
    • User Rights Removed
    • System Audit Policy Changes
    • Per User Audit Policy Changes
    • Audit Policy (SACL) on Object Changes
    • Authentication Policy Change (Grant)
    • Authentication Policy Change (Revoke)
    • Domain Policy Changes

    Windows Logoff Reports

    • Network Logoffs
    • Interactive Logoffs
    • Remote Interactive Logoffs
    • User Initiated Logoffs
    • Logoff Activity Overview

    Windows Firewall Threats

    • Spoof Attack
    • Internet Protocol half-scan attack
    • Flood Attack
    • Ping of Death Attack
    • SYN Attack

    Threat Detection

    • Security Logs Cleared
    • Event Logs Cleared
    • Event Logging Service Shutdown
    • DoS Attack Subsided
    • DoS Attack Entered Defensive Mode
    • DoS Attacks
    • Downgrade Attacks
    • Replay Attack
    • Defender Malware Detection
    • Defender Real Time Protection Detection
    • Terminal Server Attacks
    • Terminal Server Exceeds Maximum Logon Attempts
    • IP Conflicts
    • User Account Locked Out Error

    Application Whitelisting

    • Exe or Dll File Allowed to Run
    • Exe or Dll Files Not Allowed to Run due to Enforced rules
    • Exe or Dll File Not Allowed to Run
    • MSI or Script File Allowed to Run
    • MSI or Script Files Not Allowed to Run due to Enforced rules
    • MSI or Script File Not Allowed to Run
    • Software Restricted to Access Program

    Domain Events

    • Special groups assigned to new logon
    • SID History added to account
    • Failed SID History addition
    • Kerberos policy changes
    • Group type changes
    • Special groups logon table modifications

    Hyper-V Server Events

    • Partitions Created
    • Partitions Deleted
    • Failed Partition Creations
    • Hyper-V Start Events
    • Failed Hyper-V Launch
    • Hyper-V Switch Creations
    • Hyper-V Switch Deletions

    Windows Failed Logon Reports

    • Failed logons due to bad username
    • Failed logons due to bad password
    • Failed logons during non-working hours
    • Failed logons due to disabled accounts
    • Failed logons due to account lock outs
    • Failed logons due to account expiry
    • Failed logons due to password expiry
    • Failed Interactive Logons
    • Failed Remote Interactive Logons
    • Failed Network Logons
    • Failed Logons Overview
    • Top failed logons based on users
    • Top failed logons based on hosts
    • Top failed logons based on remote hosts
    • Top failed logons based on domain
    • Top reasons for Windows logon failure
    • Failed Logons Trend

    Application Crashes

    • Application Errors
    • Application Hangs
    • Windows Error Reporting
    • Blue Screen Error (BSOD)
    • System Errors
    • EMET Logs
    • Windows File Protection

    Threat Detection From Antivirus

    • Threat Detections by ESET Endpoint Antivirus
    • Threat Detections by Kaspersky
    • Threats Detection by Microsoft Antimalware
    • Threats Detection by Sophos Anti-Virus
    • Threats Detection by Norton AntiVirus
    • Infected files detected by Symantec Endpoint Protection
    • Threat Detections by McAfee

    Hyper-V VM Management

    • VM Management Service Started
    • Failed Starts of VM Management Service
    • VM Management Service ShutDown
    • Failed VM Creations
    • Failed VM imports
    • Failed VM exports
    • Hyper-V Disk Out of Space
    • Failed Hyper-V Worker operation

    Trust Relationships Changes

    • Trusted Domain Created
    • Trusted Domain Modified
    • Trusted Domain Deleted

    GPO Changes

    • GPO Created
    • GPO Modified
    • GPO Deleted

    Computer Account Management

    • Computer Account Created
    • Computer Account Modified
    • Computer Account Deleted

    Registry Changes

    • Registry Accessed
    • Failed Registry Access
    • Registry Created
    • Failed Registry Creations
    • Registry Value Modified
    • Failed Registry Modifications
    • Registry Deleted
    • Failed Registry Deletions
    • Registry Permission Changes
    • Top Users on Registry

    File Monitoring

    • File Created
    • File Deleted
    • File Modified
    • File Read
    • File Permission Changes
    • Failed File Creations
    • Failed File Deletions
    • Failed File Modifications
    • Failed File Accesses
    • System File Changes
    • Top FileType Changes
    • Top file operations based on users
    • Top file operations based on hosts
    • Top file operations based on file
    • File Monitoring Overview
    • File Monitoring Trend

    Infrastructure Reports

    • Self logon reports
    • Non-self logon reports
    • Top Self logons based on users
    • Top non-self logons based on users

    Windows Risk Reports

    • Criticality level of events
    • Critical report based on event
    • Critical events based on host
    • Critical events based on remote host
    • Critical events Trend
    • Critical events Overview

    Removable Disk Auditing

    • USB Plugged In
    • USB Plugged Out
    • Removable Disk Reads
    • Removable Disk Failed Reads
    • Removable Disk Creates
    • Removable Disk Failed Creates
    • Removable Disk Modifications
    • Removable Disk Failed Modifications
    • Removable Disk Deletes
    • Removable Disk Failed Deletes
    • Host Based Removable Disk Changes
    • Top Successful Users on Removable Disk Auditing
    • Top Failed Users on Removable Disk Auditing
    • Removable Disk Changes Trend

    Windows System Events

    • Windows Startups
    • Windows ShutDowns
    • Windows Startups and ShutDowns
    • New Service Installed
    • Software Installed
    • Software Updated
    • Failed software installations
    • Failed software installations due to privilege mismatches
    • Software Uninstalled
    • Service Started
    • Service Stopped
    • Service Failed
    • Windows Time Change
    • Windows Updates Installed
    • Windows update process failed
    • Failed hotpatching
    • Update Packages Installed
    • New kernel filter driver installed
    • AD Backup Error
    • System Uptime
    • GPO Queries Failed
    • Invalid Windows license
    • Failed Windows license activations
    • Non activated Windows licenses
    • Unexpected Shutdown
    • Active Directory database corruptions
    • Bad disk block
    • Failed loadings of Kernel driver
    • Code Integrity Check
    • Invalid image hash file
    • Invalid page hash image file
    • Hard disk failures
    • System Restored
    • Windows Security Log Full
    • Audit Events Dropped
    • Error in EventLog Service
    • Event log automatic backup
    • Wireless Network Authentication
    • Wired Network Authentication
    • Wired Network Connected
    • Wired Network Disconnected
    • Wireless Network Connected
    • Wireless Network Disconnected

    Group Management

    • Security Group Created
    • Security Group Changed
    • Security Group Deleted
    • Distribution Groups Created
    • Distribution Group Changed
    • Distribution Group Deleted
    • Members added to Security Group
    • Members added to Distribution Group
    • Members removed from Security Group
    • Members removed from Distribution Group
    • Group Created
    • Group Modified
    • Group Deleted

    Windows Severity Reports

    • Success Events
    • Information Events
    • Failure Events
    • Warning Events
    • Error Events

    Network Share

    • Share Object Read
    • Share Object Read Failed
    • Share Object Created
    • Failed Share Object Creations
    • Share Object Modified
    • Failed Share Object Modifications
    • Share Object Deleted
    • Failed Share Object Deletions
    • Share Changes Overview
    • Share Object Permission Added
    • Share Object Permission Modified
    • Share Object Permission Deleted
    • Top successful network shares based on users
    • Top failed network shares based on users
    • Top network share access based on remote hosts
    • Top failed network share accesses based on remote hosts
    • Top network share creations based on remote host
    • Top failed network share creations based on remote host
    • Top network share modifications based on remote host
    • Top failed network share modifications based on remote host
    • Top network share deletions based on remote host
    • Top failed network share deletions based on remote host

    Windows Backup and Restore

    • Failed Windows backup
    • Successful Windows backup
    • Failed Windows restores
    • Successful Windows restores

    Program Inventory

    • New application installations
    • Updated Applications
    • Removed Applications
    • New Internet Explorer addons
    • Software Activities

    Windows Firewall Auditing

    • Rule Added
    • Rule Modified
    • Rule Deleted
    • Settings Restored
    • Settings Changed
    • Group Policy Changes

    Process Tracking

    • Process Created
    • Process Terminated
    • Scheduled Task Created
    • Scheduled Task Deleted
    • Scheduled Task Enabled
    • Scheduled Task Disabled
    • Scheduled Task Updated
    • Top Process Creation based on users
    • Top Process Created

    OU Changes

    • OU Created
    • OU Modified
    • OU Deleted

    AD DNS Server

    • DNS Server Error from AD
    • DNS Server Waiting for AD
    • DNS Server unable to open AD
    • Failed DNS Server DS Zone Open
    • Failed DNS Server DS Record Loads

    Network Policy Server

    • Access granted to users
    • Access denied to users
    • Discarded requests for users
    • Discarded accounting requests for users
    • Locked users due to repeated logon failures
    • NPS Unlocked user accounts

    Data Theft Detection

    • Printer Document Theft
    • Removable Media Data Theft
    • Shared network data theft
    • SQL Server data theft by backups
    • SQL Server data theft by reads
    • Oracle Data theft by reads
    • Windows FTP Data thefts
    • Unix FTP Data thefts

    Domain Controller Logon Reports

    • DC Credential Validation Failure due to Bad Username
    • DC Credential Validation Failure due to Bad Password
    • DC Credential Validation Failure due to account lockouts
    • DC Credential validation Failure due to disabled account
    • DC Credential validation Failure during non-working hours
    • DC Credential validation Failure due to account expiry
    • DC Credential validation Failure due to password expiry
    • DC Credential validation Failure Overview
    • Top successful DC credential validations based on users
    • Top successful DC credential validations based on clients
    • Top failed DC credential validations based on users
    • Top failed DC credential validations based on clients
    • Kerberos authentication ticket (TGT) - Requested
    • Kerberos pre-authentication failures
    • Kerberos authentication ticket - failed requests
    • Requested Kerberos service tickets
    • Renewed Kerberos service tickets
    • Kerberos service ticket - failed requests

    DNS Server

    • DNS Server Started
    • DNS Server Shutdown
    • DNS Server Zone Transfer Refused
    • DNS Server Zone transfer bad responses
    • Failed DNS Server Zone Transfers
    • DNS Bad Zone Transfer Request
    • Invalid Domain Name in Packet
    • DNS Server encountered a packet addressed to itself

    User Account Management

    • User Account Created
    • User Account Deleted
    • User Account Enabled
    • User Account Disabled
    • User Account Password Resets
    • User Account Failed Password Resets
    • User Account Password Changes
    • User Account Failed Password Changes
    • User Account Modified
    • User Accounts Created with no password expiry
    • User Account's account expiry changed
    • User Account's logon hour changed
    • User Account's logon workstation changed
    • User Account Locked Outs
    • Unlocked User Accounts
    • Renamed User Accounts
    • Top User Account Lockouts based on User
    • Top User Account Lockouts based on RemoteHost