Logging, Monitoring & Intrusion Detection

Intrusion Event Trending

by Ron Gula
May 20, 2011

IntrusionTrend

This dashboard shows all IDS event trends by direction, high profile IDS events, statistical IDS event anomalies and a list of users that have had IDS events in the past five days. 

PsExec Auditing by Asset

by Ron Gula
May 19, 2011

PsExec-Trend

The presence of the PsExec Windows service often indicates non-standard administration practices or even that a system has been compromised. This dashboard charts assets with PsExec installed and also trends scan results for PsExec over the past 25 days. 

Statistical Event Monitoring

by Ron Gula
May 10, 2011

LCE-Stats

This dashboard leverages output from the LCE's stats daemon to produce a variety of seven-day and 24-hour charts of anomalies found for each asset group.

Never Before Seen Network Events

by Ron Gula
May 9, 2011

NBS-Network-Events

This dashboard highlights "new" events from network activity and services as normalized by the PVS and LCE over the past 24 hours and seven days by asset. 

SecurityCenter Internal Event Monitoring

by Ron Gula
May 7, 2011

SC4-Events

This dashboard displays normalized events from a SecurityCenter over the past seven days. Viewing these events shows usage, change, errors and other items that should be tracked.

Network Activity and Anomalies

by Ron Gula
May 5, 2011

LCE-Network

This dashboard charts specific types of large bandwidth and long session network connections per asset, and also trends all network sessions and network anomalies.

Log Collection Monitoring by Asset

by Ron Gula
May 5, 2011

LCE-LogCollectionMonitoring

Creating dashboards which show that various types of logs are being collected as expected across your assets is an easy way to monitor your log collection process. 
