Windows Device Auditing

Windows event auditing

In the many organizations that run on Windows devices, most day-to-day activity takes place on Windows networks. With so many Windows devices in use, the native components that ship with them, such as Windows Firewall, Windows Backup, and the Hyper-V hypervisor, are also widely used. Auditing the logs these devices produce is valuable in several ways, for instance by:

  • Providing an overview of all network activity, broken down by Windows event log severity level.
  • Flagging potential breaches, vulnerabilities, and anomalies so the network can be secured.
  • Summarizing user activity and the data captured by the various native applications.
  • Helping detect data theft, including by monitoring removable-device usage.
  • Pinpointing events of concern, such as repeated failed logons or application crashes.
  • Tracking system events and registry changes.

With its vast collection of predefined reports and alerts, EventLog Analyzer automates the otherwise laborious task of auditing Windows device information.

Auditing Windows devices with EventLog Analyzer

EventLog Analyzer provides:

  • Support for both the legacy EVT event log format (Windows NT, 2000, XP, and Server 2003) and the EVTX format introduced with Windows Vista (Vista, 7, 8, and 10, and Server 2008 and 2012), covering both server and client editions.
  • Activity analysis for various native applications including Windows Firewall, Windows Backup and Restore, and Microsoft Hyper-V.
  • Agentless technology to collect event logs, with the option to install agents if necessary.
  • Central log storage and data normalization.
  • Hundreds of predefined reports, including reports for regulatory compliance.
  • Log archiving that is secure and encrypted, yet flexible.
  • Real-time alerts sent via email or SMS for notable events such as failed logons, object accesses, network anomalies, and more.
  • Simple and advanced log search options for in-depth log forensics.

Windows device auditing features

Log collection

  • Windows event logs are collected agentlessly by default; an agent can be installed where that is necessary.
  • View a summary of all collected logs on the product dashboard.
  • Monitor the number and type of logs (such as warnings or failures) collected from each Windows device on the dashboard.

Log analysis

  • EventLog Analyzer offers more than 120 predefined reports for Windows device auditing, covering a wide range of events.
  • Reports are easy to understand, with both graphical and tabular representations.
  • Customize, schedule, and distribute reports via email. Export reports in both PDF and CSV formats.

Real-time alerts

  • Receive alerts about notable events in real time, including high-profile threats such as potential security breaches, sent by email or SMS.
  • Customize alert profiles by setting alert priority levels, choosing which conditions generate alerts, and more.
  • Designate automated responses to an alert, such as running a program, generating an SNMP trap, or sounding an audible alarm.

Real-time event correlation

  • EventLog Analyzer features real-time event log correlation, which correlates events on multiple devices and raises an alert if a potential attack pattern is detected.
  • Choose from over 70 predefined correlation rules, or use the drag-and-drop rule builder to define complex rules of your own that recognize possible attack patterns.
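Two of the use cases on this page, repeated failed logons (listed near the top as an event of concern) and correlation of events across several devices, come down to the same kind of rule: count related Security events per source within a time window and alert when a pattern appears. The following Python block is an added example of such a rule engine; it is not part of the original page and not EventLog Analyzer's own code. Event IDs 4625 (failed logon), 4624 (successful logon), and 1102 (audit log cleared) are the real Windows Security log IDs; the sample records, host names, IP addresses, thresholds, and rule names are constructed for the example.

```python
"""Cross-host correlation of Windows Security events (added example; not
EventLog Analyzer code). Three rules are implemented:
  * failed_logon_burst     - threshold or more failed logons (4625) from one
                             source IP within the window, counted across hosts
  * success_after_failures - a successful logon (4624) from a source IP that is
                             currently inside such a burst
  * audit_log_cleared      - any 1102 (Security log cleared), always alerted
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records shaped like the fields an EVTX parser extracts from
# the Security log: (host, ISO timestamp, event ID, selected EventData fields).
SAMPLE_EVENTS = [
    ("FS01",  "2024-03-01T09:00:01", 4625, {"TargetUserName": "jdoe",       "IpAddress": "10.0.0.77"}),
    ("FS01",  "2024-03-01T09:00:05", 4625, {"TargetUserName": "jdoe",       "IpAddress": "10.0.0.77"}),
    ("WEB02", "2024-03-01T09:00:09", 4625, {"TargetUserName": "admin",      "IpAddress": "10.0.0.77"}),
    ("WEB02", "2024-03-01T09:00:14", 4625, {"TargetUserName": "admin",      "IpAddress": "10.0.0.77"}),
    ("DC01",  "2024-03-01T09:00:20", 4625, {"TargetUserName": "svc_backup", "IpAddress": "10.0.0.77"}),
    ("DC01",  "2024-03-01T09:00:31", 4624, {"TargetUserName": "svc_backup", "IpAddress": "10.0.0.77"}),
    ("DC01",  "2024-03-01T09:45:00", 1102, {"SubjectUserName": "svc_backup"}),
    ("HR03",  "2024-03-01T10:10:00", 4625, {"TargetUserName": "mlee",       "IpAddress": "10.0.0.12"}),
]


def correlate(events, window_seconds=60, threshold=5):
    """Run the three rules over events (any order) and return alerts in time order."""
    window = timedelta(seconds=window_seconds)
    # Per source IP: sliding window of recent failures as (time, host, user).
    failures = defaultdict(deque)
    alerts = []
    for host, ts, event_id, data in sorted(events, key=lambda e: e[1]):
        now = datetime.fromisoformat(ts)
        if event_id == 1102:
            # Clearing the Security log is alerted on its own, no correlation needed.
            alerts.append({"rule": "audit_log_cleared", "time": ts, "host": host,
                           "user": data.get("SubjectUserName")})
            continue
        ip = data.get("IpAddress", "-")
        recent = failures[ip]
        # Drop failures that have aged out of the window before evaluating.
        while recent and now - recent[0][0] > window:
            recent.popleft()
        if event_id == 4625:
            recent.append((now, host, data.get("TargetUserName")))
            # Fire when the count reaches the threshold, so a sustained burst
            # produces one alert rather than one per additional failure.
            if len(recent) == threshold:
                alerts.append({"rule": "failed_logon_burst", "time": ts, "source_ip": ip,
                               "hosts": sorted({h for _, h, _ in recent}),
                               "users": sorted({u for _, _, u in recent})})
        elif event_id == 4624 and len(recent) >= threshold:
            alerts.append({"rule": "success_after_failures", "time": ts, "host": host,
                           "source_ip": ip, "user": data.get("TargetUserName"),
                           "failures_in_window": len(recent)})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

On the sample data the engine raises three alerts: a burst of five failures from 10.0.0.77 spread across FS01, WEB02, and DC01 (something a per-host threshold would miss), a successful logon from that same address while the burst is still inside the window, and the later clearing of the Security log. In a real deployment you would also filter 4625 by LogonType (3 for network, 10 for RDP) and ignore the local placeholder address "-" to keep noise down.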

Regulatory compliance

  • Use predefined reports to meet several compliance regulations, including PCI DSS, HIPAA, SOX, GLBA, FISMA, ISO 27001:2013, and GPG.
  • Generate alerts for all compliance policy-related events, such as changes to user accounts or clearing of audit logs.
  • Create custom compliance reports to keep up with future compliance requirements.

Log forensics

  • EventLog Analyzer features a powerful search engine with several flexible search options that facilitate root cause analysis. Quickly establish who caused a security event, when, and from where.
  • Search both raw and formatted logs.
  • Save search results as one-time reports or set a schedule to generate recurring reports. Create alert profiles based on searches.

Log archival

  • Logs are compressed and encrypted when archived, so that stored logs are protected against tampering.
  • Customize log archive files, including when they are created and later deleted, and where they are stored.
  • Load, search, and report on archive files at any time to learn more about the scope of events.

Windows device reports

More than 120 predefined reports for Windows devices are categorized into logical report groups for easy access. Reports are available in the following categories:

  • Windows severity reports: View all Windows event logs together with each event's level (critical, error, warning, information) and, for Security log entries, whether it records an audit success or an audit failure.
  • Windows system events: Track several important system events, such as startups and shutdowns, service and software installations, Windows updates, and many more.
  • Threat reports: Identify network attacks, such as denial-of-service (DoS) or downgrade attacks, and other events that affect network security, such as the event logging service being shut down or user accounts being locked out.
  • Removable disk auditing: Thoroughly monitor the usage of removable disks on a network, including all data operations performed on removable disks, such as creation, modification, removal, and more.
  • Network policy: Monitor events that occur as a result of network policies, such as granted or denied network access and account lockouts due to repeated logon failures.
  • Registry changes: Track Windows registry usage and view all changes to registry values.
  • Windows Backup and Restore: Audit all activity on the native Windows backup software, Windows Backup and Restore.
  • Application crashes: Track the reasons behind application and system failures, such as Blue Screen of Death (BSOD) stop errors, application hangs, system errors, and other application errors.
  • Application whitelisting: View detailed information about applications that were allowed to run and applications that were blocked from running.
  • Program inventory: Keep track of application installs, updates, and removals.
  • Windows Firewall: Audit Windows Firewall and track changes to rules and policies. Identify various attacks prevented by the firewall, such as spoof attacks, flood attacks, ping of death attacks, and more.
  • Antivirus reports: Find detailed information about threats detected by popular antivirus software, including ESET, Kaspersky, Sophos, Norton, and the native Windows Defender antivirus and anti-malware components.
  • Data theft: Reveal data theft from various points of access, such as printers, removable media, database backups, and more.
  • Hyper-V auditing: Audit the activity on Microsoft Hyper-V servers and virtual machines, such as partition creation, Hyper-V switch creation, VM creations, imports, and more.

Customer Speaks
  • Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.
     
    Benjamin Shumaker
    Vice President of IT / ISO
    Credit Union of Denver
  • The best thing I like about the application is the well-structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.
     
    Joseph Graziano, MCSE CCA VCP
    Senior Network Engineer
    Citadel
  • EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spend on filtering through event logs and provides almost near real-time notification of administratively defined alerts.
     
    Joseph E. Veretto
    Operations Review Specialist
    Office of Information System
    Florida Department of Transportation
  • I love the alerts feature of the product. We are able to send immediate alerts based on pretty much anything we can think of. We send alerts when certain accounts log in, or when groups are changed, etc. That has been very helpful. Also the automatic archive of the log files has been very helpful and has taken the worry out of keeping old logs. The “Ask Me” function is very nice as well. It is great to have some natural language queries built in where you can just click a button and get an answer.
     
    Jim Earnshaw
    Senior Computer Specialist
    Department of Chemistry
    University of Washington
  • Windows event logs and device syslogs are a real-time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.
     
    Jim Lloyd
    Information Systems Manager
    First Mountain Bank
