Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
Directory Tree
Windows - Security Sys Admin Dashboards
1.0.0
- Nagios Log Server
GPL
7869
File | Description |
---|---|
Logon_Logoff data-1476822218536 | Logon_Logoff |
_Windows_Firewall-1476822336782 | Firewall |
RDP_Logons-1476822274464 | RDP |
Wifi_Logon-1476822158466 | Wifi_Using_LDAP |
Meet The New Nagios Core Services Platform
Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.
Monitoring Made Magically Better
- Nagios Core on Overdrive
- Powerful Monitoring Dashboards
- Time-Saving Configuration Wizards
- Open Source Powered Monitoring On Steroids
- And So Much More!
TIP: Set up dashboard alerts, then you don't have to physical check all your dashboards.
My strategy is to used Nagios Log Server as a hunting tool:
1. Create a dash board with about 10 panels, each one monitoring a different field.
2. Search for processes , .exe or other events and see what it is doing
3. Once a result looks good, make a new dashboard and set an "Alert" to e-mail you when a new event occurs
======================================================
Windows Auditpol/EventLogs:
The custom audit policy I used to gather my log data are based off of Randy Franklin Smith's webpage:
(https://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008)
Mr. Smith's list edits the auditpol to specifically reduce "loud" MS Window logs which send too much data while not providing much value for the average Tech.
======================================================
Dashboards:(some dashboards should NOT have any events if a computer has no issues, you can test this by extending the dashboard to 30+ days to find alerts)
The dashboards are based off of "Spotting-the-adversary-with-windows-event-log-monitoring":
https://www.iad.gov/iad/library/ia-guidance/security-configuration/applications/spotting-the-adversary-with-windows-event-log-monitoring.cfm
Please verify that you are getting "Good" data before fully trusting any dashboard. I'm not a MS Windows Pro but if YOU ARE, I'm happy to make corrections to the above dashboards.
1. Create a dash board with about 10 panels, each one monitoring a different field.
2. Search for processes , .exe or other events and see what it is doing
3. Once a result looks good, make a new dashboard and set an "Alert" to e-mail you when a new event occurs
======================================================
Windows Auditpol/EventLogs:
The custom audit policy I used to gather my log data are based off of Randy Franklin Smith's webpage:
(https://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008)
Mr. Smith's list edits the auditpol to specifically reduce "loud" MS Window logs which send too much data while not providing much value for the average Tech.
======================================================
Dashboards:(some dashboards should NOT have any events if a computer has no issues, you can test this by extending the dashboard to 30+ days to find alerts)
The dashboards are based off of "Spotting-the-adversary-with-windows-event-log-monitoring":
https://www.iad.gov/iad/library/ia-guidance/security-configuration/applications/spotting-the-adversary-with-windows-event-log-monitoring.cfm
Please verify that you are getting "Good" data before fully trusting any dashboard. I'm not a MS Windows Pro but if YOU ARE, I'm happy to make corrections to the above dashboards.
Reviews (0)
Be the first to review this listing!