Home Directory Addons Nagios Log Server Dashboards Windows - Security Sys Admin Dashboards

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

Directory Tree

Windows - Security Sys Admin Dashboards

Rating
0 votes
Favoured:
0
Current Version
1.0.0
Compatible With
  • Nagios Log Server
Owner
License
GPL
Hits
7863
Nagios CSP

Meet The New Nagios Core Services Platform

Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.

Monitoring Made Magically Better

  • Nagios Core on Overdrive
  • Powerful Monitoring Dashboards
  • Time-Saving Configuration Wizards
  • Open Source Powered Monitoring On Steroids
  • And So Much More!
Dashboards used for Sys Admin Security monitoring and alerting.

TIP: Set up dashboard alerts, then you don't have to physical check all your dashboards.
My strategy is to used Nagios Log Server as a hunting tool:

1. Create a dash board with about 10 panels, each one monitoring a different field.
2. Search for processes , .exe or other events and see what it is doing
3. Once a result looks good, make a new dashboard and set an "Alert" to e-mail you when a new event occurs

======================================================
Windows Auditpol/EventLogs:

The custom audit policy I used to gather my log data are based off of Randy Franklin Smith's webpage:

(https://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008)

Mr. Smith's list edits the auditpol to specifically reduce "loud" MS Window logs which send too much data while not providing much value for the average Tech.

======================================================
Dashboards:(some dashboards should NOT have any events if a computer has no issues, you can test this by extending the dashboard to 30+ days to find alerts)

The dashboards are based off of "Spotting-the-adversary-with-windows-event-log-monitoring":

https://www.iad.gov/iad/library/ia-guidance/security-configuration/applications/spotting-the-adversary-with-windows-event-log-monitoring.cfm

Please verify that you are getting "Good" data before fully trusting any dashboard. I'm not a MS Windows Pro but if YOU ARE, I'm happy to make corrections to the above dashboards.