Reports for Windows environment

EventLog Analyzer offers the following canned reports under various categories for Windows events:

Windows Event Reports

• Windows Firewall Threats
• Threat Detection
• Application Whitelisting
• Domain Events
• Hyper-V Server Events
• Application Crashes
• Threat Detection From Antivirus
• Hyper-V VM Management
• Registry Changes
• Infrastructure Reports
• Windows Critical Reports
• Removable Disk Auditing
• Windows System Events
• Windows Severity Reports
• Windows Backup and Restore
• Program Inventory
• Windows Firewall Auditing
• Network Policy Server

Windows Firewall Threats

• Spoof Attack
• Internet Protocol half-scan attack
• Flood Attack
• Ping of Death Attack
• SYN Attack

Threat Detection

• Security Logs Cleared
• Event Logs Cleared
• Event Logging Service Shutdown
• DoS Attack Subsided
• DoS Attack Entered Defensive Mode
• DoS Attacks
• Downgrade Attacks
• Replay Attack
• Defender Malware Detection
• Defender Real Time Protection Detection
• Terminal Server Attacks
• Terminal Server Exceeds Maximum Logon Attempts
• IP Conflicts
• User Account Locked Out Error

Application Whitelisting

• Exe or Dll File Allowed to Run
• Exe or Dll Files Not Allowed to Run due to Enforced rules
• Exe or Dll File Not Allowed to Run
• MSI or Script File Allowed to Run
• MSI or Script Files Not Allowed to Run due to Enforced rules
• MSI or Script File Not Allowed to Run
• Software Restricted to Access Program

Domain Events

• Special groups assigned to new logon
• SID History added to account
• Failed SID History addition
• Kerberos policy changes
• Group type changes
• Special groups logon table modifications

Hyper-V Server Events

• Partitions Created
• Partitions Deleted
• Failed Partition Creations
• Hyper-V Start Events
• Failed Hyper -V Launch
• Hyper-V Switch Creations
• Hyper-V Switch Deletions

Application Crashes

• Application Errors
• Application Hanged
• Windows Error Reporting
• Blue Screen Error(BSOD)
• System Errors
• EMET Logs
• Windows File Protection

Threat Detection From Antivirus

• Threats Detections by ESET Endpoint Antivirus
• Threats Detections by Kaspersky
• Threats Detection by Microsoft Antimalware
• Threats Detection by Sophos Anti-Virus
• Threats Detection by Norton AntiVirus
• Infected files detected by Symantec Endpoint Protection
• Threat Detections by Mcafee

Hyper-V VM Management

• VM Management Service Started
• Failed Starts of VM Management Service
• VM Management Service ShutDown
• Failed VM Creations
• Failed VM imports
• Failed VM exports
• Hyper-V Disk Out of Space
• Failed Hyper-V Worker operation

Registry Changes

• Registry Accessed
• Failed Registry Access
• Registry Created
• Failed Registry Creations
• Registry Value Modified
• Failed Registry Modifications
• Registry Deleted
• Failed Registry Deletions
• Registry Permission Changes
• Top Users on Registry

Infrastructure Reports

• Self logon reports
• Non-self logon reports
• Top Self logons based on users
• Top non-self logons based on users

Windows Critical Reports

• Criticality level of events
• Critical report based on event
• Critical events based on host
• Critical events based on remote host
• Critical events Trend
• Critical events Overview

Removable Disk Auditing

• USB Plugged In
• USB Plugged Out
• Removable Disk Reads
• Removable Disk Failed Reads
• Removable Disk Creates
• Removable Disk Failed Creates
• Removable Disk Modifications
• Removable Disk Failed Modifications
• Removable Disk Deletes
• Removable Disk Failed Deletes
• Host Based Removable Disk Changes
• Top Successful Users on Removable Disk Auditing
• Top Failed Users on Removable Disk Auditing
• Removable Disk Changes Trend

Windows System Events

• Windows Startups
• Windows ShutDowns
• Windows Startups and ShutDowns
• New Service Installed
• Software Installed
• Software Updated
• Failed software installations
• Failed software installations due to privilege mismatches
• Software Uninstalled
• Service Started
• Service Stopped
• Service Failed
• Windows Time Change
• Windows Updates Installed
• Windows update process failed
• Failed hotpatching
• Update Packages Installed
• New kernal filter driver installed
• AD Backup Error
• System Uptime
• GPO Queries Failed
• Invalid Windows license
• Failed Windows license activations
• Non activated Windows licenses
• UnExpected Shutdown
• Active Directory database corruptions
• Bad disk block
• Failed loadings of Kernel driver
• Code Integrity Check
• Invalid image hash file
• Invalid page hash image file
• Hardisk failures
• System Restored
• Windows Security Log Full
• Audit Events Dropped
• Error in EventLog Service
• Event log automatic backup
• Wireless Network Authentication
• Wired Network Authentication
• Wired Network Connected
• Wired Network Disconnected
• Wireless Network Connected
• Wireless Network Disconnected

Windows Severity Reports

• Success Events
• Information Events
• Failure Events
• Warning Events
• Error Events

Windows Backup and Restore

• Failed Windows backup
• Successful windows backup
• Failed Windows restores
• Successful Windows restores

Program Inventory

• New application installations
• Updated Applications
• Removed Applications
• New Internet Explorer addons
• Software Activities

Windows Firewall Auditing

• Rule Added
• Rule Modified
• Rule Deleted
• Settings Restored
• Settings Changed
• Group Policy Changes

Network Policy Server

• Access granted to users
• Access denied to users
• Discarded requests for users
• Discarded accounting requests for users
• Locked users due to repeated logon failures
• NPS Unlocked user accounts