    Reports for Windows environment

    EventLog Analyzer offers the following canned reports under various categories for Windows events:


    Windows Event Reports

    • Windows Logon Reports
    • Policy Changes
    • Windows Logoff Reports
    • Windows Firewall Threats
    • Threat Detection
    • Application Whitelisting
    • Domain Events
    • Hyper-V Server Events
    • Windows Failed Logon Reports
    • Application Crashes
    • Threat Detection From Antivirus
    • Hyper-V VM Management
    • Trust Relationships Changes
    • GPO Changes
    • Computer Account Management
    • Registry Changes
    • File Monitoring
    • Infrastructure Reports
    • Windows Critical Reports
    • Removable Disk Auditing
    • Windows System Events
    • Group Management
    • Windows Severity Reports
    • Network Share
    • Windows Backup and Restore
    • Program Inventory
    • Windows Firewall Auditing
    • Process Tracking
    • OU Changes
    • AD DNS Server
    • Network Policy Server
    • Data Theft Detection
    • Domain Controller Logon Reports
    • DNS Server
    • User Account Management


    Windows Logon Reports

    • Interactive Logon
    • Remote Interactive Logon
    • Network Logon
    • Terminal Server Connected
    • Terminal Server Disconnected
    • Logons Overview
    • Privilege Assigned to New Logon
    • Logon Attempt Using explicit Credentials
    • Top logons based on user
    • Top logons based on hosts
    • Top logons based on remote hosts
    • Top logons based on domain
    • Logons Trend

    Policy Changes

    • User Rights Assigned
    • User Rights Removed
    • System Audit Policy Changes
    • Per User Audit Policy Changes
    • Audit Policy (SACL) on Object Changes
    • Authentication Policy Change (Grant)
    • Authentication Policy Change (Revoke)
    • Domain Policy Changes

    Windows Logoff Reports

    • Network Logoffs
    • Interactive Logoffs
    • Remote Interactive Logoffs
    • User Initiated Logoffs
    • Logoff Activity Overview

    Windows Firewall Threats

    • Spoof Attack
    • Internet Protocol half-scan attack
    • Flood Attack
    • Ping of Death Attack
    • SYN Attack

    Threat Detection

    • Security Logs Cleared
    • Event Logs Cleared
    • Event Logging Service Shutdown
    • DoS Attack Subsided
    • DoS Attack Entered Defensive Mode
    • DoS Attacks
    • Downgrade Attacks
    • Replay Attack
    • Defender Malware Detection
    • Defender Real Time Protection Detection
    • Terminal Server Attacks
    • Terminal Server Exceeds Maximum Logon Attempts
    • IP Conflicts
    • User Account Locked Out Error

    Application Whitelisting

    • Exe or Dll File Allowed to Run
    • Exe or Dll Files Not Allowed to Run due to Enforced rules
    • Exe or Dll File Not Allowed to Run
    • MSI or Script File Allowed to Run
    • MSI or Script Files Not Allowed to Run due to Enforced rules
    • MSI or Script File Not Allowed to Run
    • Software Restricted to Access Program

    Domain Events

    • Special groups assigned to new logon
    • SID History added to account
    • Failed SID History addition
    • Kerberos policy changes
    • Group type changes
    • Special groups logon table modifications

    Hyper-V Server Events

    • Partitions Created
    • Partitions Deleted
    • Failed Partition Creations
    • Hyper-V Start Events
    • Failed Hyper-V Launch
    • Hyper-V Switch Creations
    • Hyper-V Switch Deletions

    Windows Failed Logon Reports

    • Failed logons due to bad username
    • Failed logons due to bad password
    • Failed logons during non-working hours
    • Failed logons due to disabled accounts
    • Failed logons due to account lock outs
    • Failed logons due to account expiry
    • Failed logons due to password expiry
    • Failed Interactive Logons
    • Failed Remote Interactive Logons
    • Failed Network Logons
    • Failed Logons Overview
    • Top failed logons based on users
    • Top failed logons based on hosts
    • Top failed logons based on remote hosts
    • Top failed logons based on domain
    • Top reasons for Windows logon failure
    • Failed Logons Trend

    Application Crashes

    • Application Errors
    • Application Hanged
    • Windows Error Reporting
    • Blue Screen Error (BSOD)
    • System Errors
    • EMET Logs
    • Windows File Protection

    Threat Detection From Antivirus

    • Threats Detections by ESET Endpoint Antivirus
    • Threats Detections by Kaspersky
    • Threats Detection by Microsoft Antimalware
    • Threats Detection by Sophos Anti-Virus
    • Threats Detection by Norton AntiVirus
    • Infected files detected by Symantec Endpoint Protection
    • Threat Detections by McAfee

    Hyper-V VM Management

    • VM Management Service Started
    • Failed Starts of VM Management Service
    • VM Management Service ShutDown
    • Failed VM Creations
    • Failed VM imports
    • Failed VM exports
    • Hyper-V Disk Out of Space
    • Failed Hyper-V Worker operation

    Trust Relationships Changes

    • Trusted Domain Created
    • Trusted Domain Modified
    • Trusted Domain Deleted

    GPO Changes

    • GPO Created
    • GPO Modified
    • GPO Deleted

    Computer Account Management

    • Computer Account Created
    • Computer Account Modified
    • Computer Account Deleted

    Registry Changes

    • Registry Accessed
    • Failed Registry Access
    • Registry Created
    • Failed Registry Creations
    • Registry Value Modified
    • Failed Registry Modifications
    • Registry Deleted
    • Failed Registry Deletions
    • Registry Permission Changes
    • Top Users on Registry

    File Monitoring

    • File Created
    • File Deleted
    • File Modified
    • File Read
    • File Permission Changes
    • Failed File Creations
    • Failed File Deletions
    • Failed File Modifications
    • Failed File Accesses
    • System File Changes
    • Top FileType Changes
    • Top file operations based on users
    • Top file operations based on hosts
    • Top file operations based on file
    • File Monitoring Overview
    • File Monitoring Trend

    Infrastructure Reports

    • Self logon reports
    • Non-self logon reports
    • Top Self logons based on users
    • Top non-self logons based on users

    Windows Critical Reports

    • Criticality level of events
    • Critical report based on event
    • Critical events based on host
    • Critical events based on remote host
    • Critical events Trend
    • Critical events Overview

    Removable Disk Auditing

    • USB Plugged In
    • USB Plugged Out
    • Removable Disk Reads
    • Removable Disk Failed Reads
    • Removable Disk Creates
    • Removable Disk Failed Creates
    • Removable Disk Modifications
    • Removable Disk Failed Modifications
    • Removable Disk Deletes
    • Removable Disk Failed Deletes
    • Host Based Removable Disk Changes
    • Top Successful Users on Removable Disk Auditing
    • Top Failed Users on Removable Disk Auditing
    • Removable Disk Changes Trend

    Windows System Events

    • Windows Startups
    • Windows ShutDowns
    • Windows Startups and ShutDowns
    • New Service Installed
    • Software Installed
    • Software Updated
    • Failed software installations
    • Failed software installations due to privilege mismatches
    • Software Uninstalled
    • Service Started
    • Service Stopped
    • Service Failed
    • Windows Time Change
    • Windows Updates Installed
    • Windows update process failed
    • Failed hotpatching
    • Update Packages Installed
    • New kernel filter driver installed
    • AD Backup Error
    • System Uptime
    • GPO Queries Failed
    • Invalid Windows license
    • Failed Windows license activations
    • Non activated Windows licenses
    • Unexpected Shutdown
    • Active Directory database corruptions
    • Bad disk block
    • Failed loadings of Kernel driver
    • Code Integrity Check
    • Invalid image hash file
    • Invalid page hash image file
    • Hard disk failures
    • System Restored
    • Windows Security Log Full
    • Audit Events Dropped
    • Error in EventLog Service
    • Event log automatic backup
    • Wireless Network Authentication
    • Wired Network Authentication
    • Wired Network Connected
    • Wired Network Disconnected
    • Wireless Network Connected
    • Wireless Network Disconnected

    Group Management

    • Security Group Created
    • Security Group Changed
    • Security Group Deleted
    • Distribution Groups Created
    • Distribution Group Changed
    • Distribution Group Deleted
    • Members added to Security Group
    • Members added to Distribution Group
    • Members removed from Security Group
    • Members removed from Distribution Group
    • Group Created
    • Group Modified
    • Group Deleted

    Windows Severity Reports

    • Success Events
    • Information Events
    • Failure Events
    • Warning Events
    • Error Events

    Network Share

    • Share Object Read
    • Share Object Read Failed
    • Share Object Created
    • Failed Share Object Creations
    • Share Object Modified
    • Failed Share Object Modifications
    • Share Object Deleted
    • Failed Share Object Deletions
    • Share Changes Overview
    • Share Object Permission Added
    • Share Object Permission Modified
    • Share Object Permission Deleted
    • Top successful network shares based on users
    • Top failed network shares based on users
    • Top network share access based on remote hosts
    • Top failed network share accesses based on remote hosts
    • Top network share creations based on remote host
    • Top failed network share creations based on remote host
    • Top network share modifications based on remote host
    • Top failed network share modifications based on remote host
    • Top network share deletions based on remote host
    • Top failed network share deletions based on remote host

    Windows Backup and Restore

    • Failed Windows backup
    • Successful Windows backup
    • Failed Windows restores
    • Successful Windows restores

    Program Inventory

    • New application installations
    • Updated Applications
    • Removed Applications
    • New Internet Explorer addons
    • Software Activities

    Windows Firewall Auditing

    • Rule Added
    • Rule Modified
    • Rule Deleted
    • Settings Restored
    • Settings Changed
    • Group Policy Changes

    Process Tracking

    • Process Created
    • Process Terminated
    • Scheduled Task Created
    • Scheduled Task Deleted
    • Scheduled Task Enabled
    • Scheduled Task Disabled
    • Scheduled Task Updated
    • Top Process Creation based on users
    • Top Process Created

    OU Changes

    • OU Created
    • OU Modified
    • OU Deleted

    AD DNS Server

    • DNS Server Error from AD
    • DNS Server Waiting for AD
    • DNS Server unable to open AD
    • Failed DNS Server DS Zone Open
    • Failed DNS Server DS Record Loads

    Network Policy Server

    • Access granted to users
    • Access denied to users
    • Discarded requests for users
    • Discarded accounting requests for users
    • Locked users due to repeated logon failures
    • NPS Unlocked user accounts

    Data Theft Detection

    • Printer Document Theft
    • Removable Media Data Theft
    • Shared network data theft
    • SQL Server data theft by backups
    • SQL Server data theft by reads
    • Oracle Data theft by reads
    • Windows FTP Data thefts
    • Unix FTP Data thefts

    Domain Controller Logon Reports

    • DC Credential Validation Failure due to Bad Username
    • DC Credential Validation Failure due to Bad Password
    • DC Credential Validation Failure due to account lockouts
    • DC Credential validation Failure due to disabled account
    • DC Credential validation Failure during non-working hours
    • DC Credential validation Failure due to account expiry
    • DC Credential validation Failure due to password expiry
    • DC Credential validation Failure Overview
    • Top successful DC credential validations based on users
    • Top successful DC credential validations based on clients
    • Top failed DC credential validations based on users
    • Top failed DC credential validations based on clients
    • Kerberos authentication ticket (TGT) - Requested
    • Kerberos pre-authentication failures
    • Kerberos authentication ticket - failed requests
    • Requested Kerberos service tickets
    • Renewed Kerberos service tickets
    • Kerberos service ticket - failed requests

    DNS Server

    • DNS Server Started
    • DNS Server Shutdown
    • DNS Server Zone Transfer Refused
    • DNS Server Zone transfer bad responses
    • Failed DNS Server Zone Transfers
    • DNS Bad Zone Transfer Request
    • Invalid Domain Name in Packet
    • DNS Server encountered a packet addressed to itself

    User Account Management

    • User Account Created
    • User Account Deleted
    • User Account Enabled
    • User Account Disabled
    • User Account Password Resets
    • User Account Failed Password Resets
    • User Account Password Changes
    • User Account Failed Password Changes
    • User Account Modified
    • User Accounts Created with no password expiry
    • User Account's account expiry changed
    • User Account's logon hour changed
    • User Account's logon workstation changed
    • User Account Locked Outs
    • Unlocked User Accounts
    • Renamed User Accounts
    • Top User Account Lockouts based on User
    • Top User Account Lockouts based on RemoteHost
