Suspicious Event Log Monitor
RocketCyber’s Windows and macOS event log monitor, provides MSPs the ability to detect suspicious activity. With small businesses constantly in the crosshairs and defending against malicious actors, it’s extremely important to monitor log data for both servers and workstations. This RocketApp eliminates the massive amount of noise and man hours needed to analyze log data by specifically focusing on security related events that matter. Once a security event is detected, alerts are immediately submitted to your PSA and/or email. White labeled reporting is also included.
Windows Workstation 7, 8, 8.1, 10
Windows Server 2008, 2012, 2016
macOS Mojave 10.14, Catalina 10.15
ENDPOINT EVENT LOG MONITOR
Microsoft Windows & macOS event log monitoring detects and alerts security related activities such as failed logins, clearing security logs, unauthorized activity, etc.
Visualizing Event Log Data
Historically MSPs have been reluctant to present Windows Event Log data during quarterly business reviews with SMB owners. Rightfully so as log data can produce massive volumes of data, and creating a meaningful story out of it was challenging, until now.
Data visualization of log data with RocketCyber refers to showcasing data, numbers, tables and charts. When it comes time for your MSPs next QBR security discussion, you’ll now have an engaging conversation with security evidence of activity that draws conclusions for the SMB owner with informative decisions.
This table represents a sample overview of suspicious events detected.
|Host name||Date/Time||Event ID||Category||Source||Details|
|BAUSTIN||10/16/18 10:57:35PM||1102||Log clear||Microsoft-Windows-Eventlog||Audit log was cleared|
|BAUSTIN||10/16/18 10:57:35PM||4624||Account logon||Microsoft-Windows-Security-Auditing||Successful user account logon|
|BAUSTIN||10/16/18 10:57:35PM||4625||Account logon||Microsoft-Windows-Security-Auditing||Failed user account logon|
|BAUSTIN||10/16/18 10:57:35PM||4719||Policy Change||Microsoft-Windows-Security-Auditing||System audit policy changed|
|SHAKIRA||10/16/19 10:03:14PM||4740||Account Change||Microsoft-Windows-Security-Auditing||A user account was locked out|