Logging, Monitoring, & Intrusion Detection

Event Analysis Report

by Josef Weiss
July 15, 2014

This report provides an overview of collected events and gives the analyst many different methods to quickly locate actionable context in the data. Its counterpart is the Event Analysis Dashboard.

Incident Response Report

by Josef Weiss
July 3, 2014

This report displays incident response details on systems in your environment that have been found to have active intrusion events. Intrusion events are events triggered by plugin 800125 - Long Term Intrusion Activity, or 800017 - Intrusion Statistics.

Unknown Processes

by Cody Dumont
June 26, 2014

This report displays unknown processes, gray area processes, and known installed software across a series of components.

Group Management Report

by Cody Dumont
March 27, 2014

This report provides a detailed analysis of group membership across many platforms. The supported platforms are Windows, OS X, and LDAP. The report is structured to provide a summary list of systems and then enumerate the group membership. The report provides details on group membership through SMB enumeration, LDAP search queries, ADSI, and parsing of system configuration files.

Council on CyberSecurity - Critical Security Controls Report

by Cody Dumont
March 18, 2014

This report covers many of the controls found in the Council on CyberSecurity 20 Critical Security Controls. As published by the Council on CyberSecurity, the goal of the 20 Critical Security Controls is to protect assets, infrastructure, and information by strengthening your organization's defensive posture through continuous automated protection and monitoring.

Insider Threat Report v2

by Josef Weiss
March 6, 2014

This report was completely reworked and streamlined, and now includes New_User_Source events in two different formats. A new section resides under Chapter 2, titled 'New User Source Summary', and contains a New User Source User Summary and a New User Source Event List.

Errors and Warnings Report

by Josef Weiss
January 21, 2014

This report displays details on all warnings and errors identified in the environment.

The report has two main customizable sections.

The error section contains tables that present the reviewer with all errors found. By default, it is set up to display the top 10 errors by count and/or those from the last 24 hours by time. This can be easily modified to extend the timeframe or change the display parameters. This section presents detected errors using five different methods.

Copyright Report

by Josef Weiss
November 14, 2013

This report presents a detailed vulnerability summary on files that may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission. If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA.

The associated component can be found here: Copyright Indicator

Event Indicator Alert Report

by Cody Dumont
August 1, 2013

This report provides event summaries for each system that has been identified as having more than one "indicator" event type. An indicator event is a correlation of specific events associated with scanning, compromises, anomalies, and other behaviors indicative of determined attackers, advanced malware, and other activity worth investigating.