Logging, Monitoring & Intrusion Detection

PsExec Auditing by Asset

by Ron Gula
May 19, 2011


The presence of the PsExec Windows service often indicates non-standard administration practices or even that a system has been compromised. This dashboard charts assets with PsExec installed and also trends scan results for PsExec over the past 25 days. 

Statistical Event Monitoring

by Ron Gula
May 10, 2011


This dashboard leverages output from the LCE's stats daemon to produce a variety of seven day and 24 hour charts of anomalies found for each asset group.

Never Before Seen Network Events

by Ron Gula
May 9, 2011


This dashboard highlights "new" events from network activity and services as normalized by the PVS and LCE over the past 24 hours and seven days by asset. 

SecurityCenter Internal Event Monitoring

by Ron Gula
May 7, 2011


This dashboard displays normalized events from a SecurityCenter over the past seven days. Viewing these events show usage, change, errors and other items that should be tracked. 

Network Activity and Anomalies

by Ron Gula
May 5, 2011


This dashboard charts specific types of large bandwidth and long session network connections per asset, and also trends all network sessions and network anomalies.

Log Collection Monitoring by Asset

by Ron Gula
May 5, 2011


Creating dashboards which show that various types of logs are being collected as expected across your assets is an easy way to monitor your log collection process.