Windows Auditing


Logsign integrates easily with the Windows auditing environment through Windows Management Instrumentation (WMI) services. Logsign is a complete solution that collects all Windows events and normalizes them. It allows all Windows events to be analyzed in a clearer and less complicated way than on Windows systems themselves. Consequently, Logsign decreases IT managers’ workload with enhanced reports of all Windows events.






More Security More Compliance

  • Collect all Windows messages.
  • Work with all message details.
  • Security and compliance oriented normalization.
  • Predefined report and alert templates.

Increase your data analytics capacity with comprehensive Windows integration. Raise awareness of all details about account management, object access, system transactions and other activity happening on your Windows systems.

Many systems collect only basic Windows messages. Logsign, by contrast, collects all the audit messages that belong to Windows systems. Where other solutions traditionally handle a significantly lower number of message IDs, Logsign normalizes data for up to 400 message IDs. This capacity keeps growing every time Logsign becomes familiar with previously unknown messages. This normalization reduces the complexity of Windows column names.


Logsign Event Mapping Sample






For quick, simple but meaningful insights, Logsign not only normalizes Windows events that consist of hundreds of columns, but also makes it possible to review all data in the same context categories through its wisely structured column architecture. For details on the structured column architecture, please visit our support platform.


Source

  • Domain : TEKNIK
  • HostName : CUSTOMER
  • IP : 10.0.4.44
  • LogonGUID : (00000000-0000-0000-0000-000000000000)
  • Logon ID : 0x3d0adb53
  • Logon Type : 3
  • Port : 44268
  • SecurityID : S-1-5-21-1-1806690410-1861694035-2341430685-500
  • UserName : Administrator



Predefined Alert & Report Templates

Logsign provides various predefined reports about Windows auditing, system and security.




Most Windows security audit events are normalized thoroughly by Logsign. The flexible report architecture allows an easy, simple and functional review of all user session logs, file and fileshare actions, account management activities and other Windows events. Prepared reports on all Windows categories simplify your work. All these reports can be customized and improved when needed.




Windows Logon & Logoff Activities

Logon & Logoff Activities reports contain successful logins, logouts, failed login attempts and similar transactions, together with all the details belonging to these events. These details consist of user domain, username, date and time, message info, the action that occurred, logon type etc. Access this information with just one click, and analyze it in detail by using related filters.




All user activities can be analyzed with more than one report. Terminal server events and Remote Desktop Protocol (RDP) session processes can also be analyzed in separate reports.




Windows Account Management

All user operations are included in the Windows Account Management audit category. Logsign provides reliable and strong reporting support for all processes such as creating and deleting users, password activities, user enable/disable attempts, group changes, lock/unlock transactions and more. Logsign generates more than 20 reports in one report block capturing all Active Directory operational processes.





Windows File / Fileshare Events

The file and fileshare structure on Windows systems allows the analysis of file server auditing processes. Logsign normalizes all the user, time and object based actions, and provides reports about read files, deleted folders, modified files etc. All these events, such as file, fileshare and detailed fileshare, can be analyzed in a much more detailed and efficient way than on Windows systems.





System Events

It is always important to know who rebooted or powered off a Windows server, when, and in what way. All these actions are normalized and presented with all their details in reports. Review and analyze changes to Windows Firewall as well as how full the Windows logs are, or delete them from Event Viewer when needed.





Directory Services

It is possible to analyze operational changes to organizational units (OUs). Analyze events about objects that are added or deleted in Group Policy Management as well as events for created or deleted OUs.