Suspicious Event Log Monitor

Detect internal and external suspicious events

RocketCyber’s Windows and macOS event log monitor gives MSPs the ability to detect suspicious activity. With small businesses constantly in the crosshairs and defending against malicious actors, it’s extremely important to monitor log data for both servers and workstations. This RocketApp eliminates the massive amount of noise and man-hours needed to analyze log data by focusing specifically on the security-related events that matter. Once a security event is detected, alerts are immediately submitted to your PSA and/or email. White-labeled reporting is also included.

OS Support:
Windows Workstation 7, 8, 8.1, 10

Windows Server 2008, 2012, 2016

macOS Mojave 10.14, Catalina 10.15

SUSPICIOUS
ENDPOINT EVENT LOG MONITOR

Microsoft Windows & macOS event log monitoring detects and alerts on security-related activities such as failed logins, clearing of security logs, unauthorized activity, etc.

Visualizing Event Log Data

90-day monitoring chart for your next QBR

Historically, MSPs have been reluctant to present Windows Event Log data during quarterly business reviews with SMB owners. Rightfully so: log data can produce massive volumes of data, and creating a meaningful story out of it was challenging, until now.

Data visualization of log data with RocketCyber means presenting the data as numbers, tables and charts. When it comes time for your MSP’s next QBR security discussion, you’ll have an engaging conversation backed by security evidence of activity that helps the SMB owner draw conclusions and make informed decisions.

[Chart: Top 5 Windows Security Event Categories by All Customers (May, June, July). Categories: Account lockout, Account modifications, Account logon, Services, Code Integrity.]

This table represents a sample overview of suspicious events detected.

| Host name | Date/Time | Event ID | Category | Source | Details |
|---|---|---|---|---|---|
| BAUSTIN | 10/16/18 10:57:35PM | 1102 | Log clear | Microsoft-Windows-Eventlog | Audit log was cleared |
| BAUSTIN | 10/16/18 10:57:35PM | 4624 | Account logon | Microsoft-Windows-Security-Auditing | Successful user account logon |
| BAUSTIN | 10/16/18 10:57:35PM | 4625 | Account logon | Microsoft-Windows-Security-Auditing | Failed user account logon |
| BAUSTIN | 10/16/18 10:57:35PM | 4719 | Policy Change | Microsoft-Windows-Security-Auditing | System audit policy changed |
| SHAKIRA | 10/16/19 10:03:14PM | 4740 | Account Change | Microsoft-Windows-Security-Auditing | A user account was locked out |

Get Advanced Threat Protection today with RocketCyber.

Gain visibility into Endpoint, Network and Cloud attack pillars.