Windows Threat Activity

The Windows Threat Activity dashboard provides an overview of the windows events logs from they key areas of:

• security event logs - these event ids are the most common events for user logins, system process commands, file activity monitoring etc. The chart in this section provides a consolidated view of high generated events to that be used to review the system for indicators of malicious activity.  Each of the events can be viewed in the drill through for future analysis based on the data and time period selected form the date picker on the top right of the screen.
• Windows Application Events - All application activity on the system with service accounts and software installs will show from these event ids. System crashes and other anomalous activity can be reported on. 
• Windows Systems affected - this will show the system that are generating the majority of the events.  Filters can be applied to remove specific hosts to allow a focus of specific systems when desired. 
• The All log Summary shows the event rate over time for the desired filter settings. This allows the security admin to view unusual activity or peeks of activity at specific times of the day or week. 

v2 Dashboards