Dashboards used for sys admin security monitoring and alerting. TIP: Set up dashboard alerts, then you don't have to physically check all your dashboards.
Current Version: 1.0.0
Last Release Date: October 19, 2016
Owner: Eric
License: GPL
Compatible With:
My strategy is to use Nagios Log Server as a hunting tool:
1. Create a dashboard with about 10 panels, each one monitoring a different field.
2. Search for processes, .exe files or other events and see what each one is doing.
3. Once a result looks good, make a new dashboard and set an "Alert" to e-mail you when a new matching event occurs.
====================================================== Windows Auditpol/EventLogs:
The custom audit policy I used to gather my log data is based on Randy Franklin Smith's webpage:
(https://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008)
Mr. Smith's list adjusts the audit policy (auditpol) specifically to reduce "loud" MS Windows logs that generate a large volume of events while providing little value to the average tech.
====================================================== Dashboards: (some dashboards should NOT show any events if a computer has no issues; you can test this by extending the dashboard's time range to 30+ days and checking whether any alerts appear)
The dashboards are based on "Spotting the Adversary with Windows Event Log Monitoring":
https://www.iad.gov/iad/library/ia-guidance/security-configuration/applications/spotting-the-adversary-with-windows-event-log-monitoring.cfm
Please verify that you are getting "good" data before fully trusting any dashboard. I'm not an MS Windows pro, but if YOU ARE, I'm happy to make corrections to the above dashboards.