Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
Windows - Security Sys Admin Dashboards
Current Version
1.0.0
Compatible With
- Nagios Log Server
Owner
License
GPL
Hits
7313
Files:
| File | Description |
|---|---|
| Logon_Logoff data-1476822218536 | Logon_Logoff |
| _Windows_Firewall-1476822336782 | Firewall |
| RDP_Logons-1476822274464 | RDP |
| Wifi_Logon-1476822158466 | Wifi_Using_LDAP |
TIP: Set up dashboard alerts, then you don't have to physical check all your dashboards.
My strategy is to used Nagios Log Server as a hunting tool:
1. Create a dash board with about 10 panels, each one monitoring a different field.
2. Search for processes , .exe or other events and see what it is doing
3. Once a result looks good, make a new dashboard and set an "Alert" to e-mail you when a new event occurs
======================================================
Windows Auditpol/EventLogs:
The custom audit policy I used to gather my log data are based off of Randy Franklin Smith's webpage:
(https://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008)
Mr. Smith's list edits the auditpol to specifically reduce "loud" MS Window logs which send too much data while not providing much value for the average Tech.
======================================================
Dashboards:(some dashboards should NOT have any events if a computer has no issues, you can test this by extending the dashboard to 30+ days to find alerts)
The dashboards are based off of "Spotting-the-adversary-with-windows-event-log-monitoring":
https://www.iad.gov/iad/library/ia-guidance/security-configuration/applications/spotting-the-adversary-with-windows-event-log-monitoring.cfm
Please verify that you are getting "Good" data before fully trusting any dashboard. I'm not a MS Windows Pro but if YOU ARE, I'm happy to make corrections to the above dashboards.
1. Create a dash board with about 10 panels, each one monitoring a different field.
2. Search for processes , .exe or other events and see what it is doing
3. Once a result looks good, make a new dashboard and set an "Alert" to e-mail you when a new event occurs
======================================================
Windows Auditpol/EventLogs:
The custom audit policy I used to gather my log data are based off of Randy Franklin Smith's webpage:
(https://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008)
Mr. Smith's list edits the auditpol to specifically reduce "loud" MS Window logs which send too much data while not providing much value for the average Tech.
======================================================
Dashboards:(some dashboards should NOT have any events if a computer has no issues, you can test this by extending the dashboard to 30+ days to find alerts)
The dashboards are based off of "Spotting-the-adversary-with-windows-event-log-monitoring":
https://www.iad.gov/iad/library/ia-guidance/security-configuration/applications/spotting-the-adversary-with-windows-event-log-monitoring.cfm
Please verify that you are getting "Good" data before fully trusting any dashboard. I'm not a MS Windows Pro but if YOU ARE, I'm happy to make corrections to the above dashboards.
Reviews (0)
Be the first to review this listing!
