Windows Security Packs 2

The Windows PCI Compliance pack contains pre-configured tags, saved queries, and dashboards. These tags, saved queries, and dashboards have been created to help you maintain your PCI Compliance, this pack alone will not help you meet PCI Compliance, it's meant to be used in tandem with your Auditing Policies. Your Auditing Policies will determine what is and is not logged within your environment, in order to meet compliance, your Audit Policies should be configured to monitor both the logs and audit trails generated by your applications or systems, meaning you should be able to tell when and what a user accesses within your environment. See the requirements section below for further information.

This Pack contains the following:

• Dashboards: High level dashboards counting the number of invalid logins, admin accounts created, accounts locked out, Windows Audit Logs cleared, and changes to the Windows Auditing Policy within your entire environment. Here is what the PCI Compliance Pack dashboard would look like on a fresh account.
• Saved Queries: The searches which are powering the dashboards, and the searches to help you investigate the sources of invalid logins, admin accounts created, accounts locked out, Audit Logs cleared, and changes to the Windows Audit Policy. Here is what the saved searches look like, the "by host" saved searches are the searches you would use to investigate the source of Invalid Logins, Accounts Locked Out, etc.
• Tags and Alerts: Tags highlight instances of important Windows PCI events. These tags can quickly be configured as basic alerts, anomaly alerts and inactivity alerts to highlight spikes in important security events, password updates, and policy related events.

Requirements:
- Logentries Account - Don't have a Logentries Account? Sign up for a free account
- You must configure your Windows Audit Policies to meet PCI Compliance. Please see this blog post.

Contribute:
You can contribute to the contents of this Pack or submit a new pack by creating a GitHub Pull Request.
- Please see the GitHub Repository here: https://github.com/logentries/le_community_packs
- For instructions on how to create and format packs please see the documentation.

The Windows Security Events Pack provides out of the box tags that can be used to highlight important events that occur in your windows security event logs. The pack will highlight important security events for Windows 2003 and 2008 error codes as well as newer Windows 2012 error codes.

This Pack contains the following:

• More details on the events highlighted by this pack can be found here: https://docs.logentries.com/docs/windows-security/

Requirements:
- Logentries Account - Don't have a Logentries Account? Sign up for a free account
- Installation with Windows Security

Contribute:
You can contribute to the contents of this Pack or submit a new pack by creating a GitHub Pull Request.
- Please see the GitHub Repository here: https://github.com/logentries/le_community_packs
- For instructions on how to create and format packs please see the documentation.