Suspicious Event Log Monitor

Detect internal and external suspicious events

RocketCyber's Windows event log monitor, provides MSPs the ability to detect suspicious activity. With small businesses constantly in the crosshairs and defending against malicious actors, it's extremely important to monitor log data for both servers and workstations. This RocketApp eliminates the massive amount of noise and man hours needed to analyze log data by specifically focusing on security related events that matter. Once a security event is detected, alerts are immediately submitted to your PSA and/or email. White labeled reporting is also included.


OS Support:

Windows Workstation 7, 8, 8.1, 10

Windows Server 2008, 2012, 2016

This RocketApp is for MSPs to deliver suspicious event log monitoring services.

Visualizing Event Log Data

90-day monitoring chart for your next QBR

Historically MSPs have been reluctant to present Windows Event Log data during quarterly business reviews with SMB owners. Rightfully so as log data can produce massive volumes of data, and creating a meaningful story out of it was challenging, until now.

Data visualization of log data with RocketCyber refers to showcasing data, numbers, tables and charts. When it comes time for your MSPs next QBR security discussion, you'll now have an engaging conversation with security evidence of activity that draws conclusions for the SMB owner with informative decisions.

 

This table represents a sample overview of suspicious events detected.

Host name Date/Time Event ID Category Source Details
BAUSTIN 10/16/18 10:57:35PM 1102 Log clear Microsoft-Windows-Eventlog Audit log was cleared
BAUSTIN 10/16/18 10:57:35PM 4624 Account logon Microsoft-Windows-Security-Auditing Successful user account logon
BAUSTIN 10/16/18 10:57:35PM 4625 Account logon Microsoft-Windows-Security-Auditing Failed user account logon
BAUSTIN 10/16/18 10:57:35PM 4719 Policy Change Microsoft-Windows-Security-Auditing System audit policy changed
SHAKIRA 10/16/19 10:03:14PM 4740 Account Change Microsoft-Windows-Security-Auditing A user account was locked out
POPULAR

Top 10 Windows Security Events to Monitor

Highlights 10 important events to monitor in the security log of your Windows servers and workstations, and why you care.

RocketCyber Security Platform coming December of 2018

Get Notified!