Resources

Packs

Windows Security Packs 2




Windows Security Packs provide enhanced visibility into Windows Security events sources with saved queries, real-time alerting and dashboards.

Windows PCI Compliance

The Windows PCI Compliance pack contains pre-configured tags, saved queries, and dashboards. These tags, saved queries, and dashboards have been created to help you maintain your PCI Compliance, this pack alone will not help you meet PCI Compliance, it's meant to be used in tandem with your Auditing Policies. Your Auditing Policies will determine what is and is not logged within your environment, in order to meet compliance, your Audit Policies should be configured to monitor both the logs and audit trails generated by your applications or systems, meaning you should be able to tell when and what a user accesses within your environment. See the requirements section below for further information.

This Pack contains the following:

  • Dashboards: High level dashboards counting the number of invalid logins, admin accounts created, accounts locked out, Windows Audit Logs cleared, and changes to the Windows Auditing Policy within your entire environment. Here is what the PCI Compliance Pack dashboard would look like on a fresh account.
  • Saved Queries: The searches which are powering the dashboards, and the searches to help you investigate the sources of invalid logins, admin accounts created, accounts locked out, Audit Logs cleared, and changes to the Windows Audit Policy. Here is what the saved searches look like, the "by host" saved searches are the searches you would use to investigate the source of Invalid Logins, Accounts Locked Out, etc.
  • Tags and Alerts: Tags highlight instances of important Windows PCI events. These tags can quickly be configured as basic alerts, anomaly alerts and inactivity alerts to highlight spikes in important security events, password updates, and policy related events.

Requirements:
- Logentries Account - Don't have a Logentries Account? Sign up for a free account
- You must configure your Windows Audit Policies to meet PCI Compliance. Please see this blog post.

Contribute:
You can contribute to the contents of this Pack or submit a new pack by creating a GitHub Pull Request.
- Please see the GitHub Repository here: https://github.com/logentries/le_community_packs
- For instructions on how to create and format packs please see the documentation.

Download Pack View Pack Install Doc

Windows Security Events Pack

The Windows Security Events Pack provides out of the box tags that can be used to highlight important events that occur in your windows security event logs. The pack will highlight important security events for Windows 2003 and 2008 error codes as well as newer Windows 2012 error codes.

This Pack contains the following:

Requirements:
- Logentries Account - Don't have a Logentries Account? Sign up for a free account
- Installation with Windows Security

Contribute:
You can contribute to the contents of this Pack or submit a new pack by creating a GitHub Pull Request.
- Please see the GitHub Repository here: https://github.com/logentries/le_community_packs
- For instructions on how to create and format packs please see the documentation.

Download Pack View Pack Install Doc

Start Your Free
30-day Trial Now

No credit card required!
Get set-up in minutes.

Start Free Trial Setup a Demo