Net Report WMI Dashboard Summary

1 Net Report WMI Dashboard Summary
Fourth Quarter 2005

2 Table of Contents
1. WMI Dashboard Concept
2. WMI Dashboard Structure and Navigation
3. Glossary and Lexicon
April 16, 2019

3 1. WMI Dashboard Concept

4 WMI and Net Report
Windows Management Instrumentation (WMI):
“.. an API in the Windows OS enabling devices and systems in a network, (i.e. enterprise networks) to be managed and controlled, setting information on workstations, applications and networks…”
Net Report WMI Dashboards:
Analyze and Report on Microsoft (Windows 2000, NT, 2003, XP) Event Viewer Logs 24/7:
Application Logs.
Security Logs.
System Logs.
Increase Visibility on your Enterprise’s Applications, Security & Systems in real-time.

5 Net Report Event Viewer Log Analysis
Focus on Potential Security Threats: Your Enterprise’s Application, Security & System risks in real-time.
Check Security Policies are Respected & Appropriate: Track User Trends 24/7, follow suspicious out-of-hours activity.
Ensure Data Confidentiality, Integrity & Availability: Benefit from Net Report auto-audit options.
Economize your Enterprise Management Costs & TCO: Benefit from our Centralized Business Intelligence Solution.
Benefit from Versatile Drill-down Features: Use the Net Report Filter to drill down to the exact data you need. To save you wading through reams of log data, we highlight the important information!

6 Net Report Dashboard Concept
Consolidated Dashboards: Net Report interprets and presents your Event log data Statistics in easy-to-read, categorized, graphical Dashboards.
Customized Dashboards: Dashboards generated with the Parameters you entered in the Net Report Web Portal. Add your company logos.
Chronologically Interlinked Dashboards: Dynamic Previous and Next arrows enable you to navigate between reports from different days, months and years.
Versatile Drill-down: Intuitive drill-down to the information you need.

7 Net Report WMI Dashboard Example
General WMI Statistics for all three Logs: Application, Security and System Logs.
Graphs of Events by Hour of the Day.
Top n Log Activity per User.
Number of Security Events by Category.
Top Failed Logons.
Detailed Tracking: Most Active File/Directory user, most accessed File/Directory.

8 2. WMI Dashboard Structure and Navigation

9 Three Major Sections
Net Report WMI Dashboards
1. General WMI Three-Log Activity Statistics
What is the number of specific event types logged (in the Application, Security and System Logs) by hour for my organization?
Who is clearing their Security Audit Log?
What Log Activity Events are logged by my Enterprise?
2. Security Log Event Statistics
What are the Successful/Failure Logon/Logoff Event Figures for my enterprise?
Is there any Suspicious Out-of-hours Activity?
Is my Enterprise a victim of Privilege Escalation?
Is the Security Privilege Use Policy appropriate?
Who is changing Security Policy within my Enterprise?
Who is making Account changes – do they have Admin rights?
3. File/Directory Access Statistics
Who accesses Files/Directories the most often?
What Files/Directories do they access the most?
Is my Corporate Data Security Policy Effective?

10 Get the Info you Need: Bookmarks
1. General WMI Three-Log Activity Statistics
2. Security Log Event Statistics
3. File/Directory Access Statistics

11 Front Page Hyperlinks
1. General Three-Log Activity Statistics
2. Security Log Event Statistics
3. File/Directory Access Statistics

12 Front Cover – Interactive Features
Dashboard Home Link via the WMI Icon
Bookmarks
Previous and Next Arrows
Date and Time Dashboard was Generated
Net Report Web Site and Page Numbers
Key Points:
Hyperlinks: Each Table, Graph, Diagram and label is hyperlinked to the relevant point in the Dashboard Report (“Dashboard”). Simply click the Table, Graph or part of the Diagram you are interested in to go to the detailed breakdown in the Dashboard.
Dashboard Home Link via the WMI Icon: Click the WMI icon in the top right corner on any page to return to the Dashboard home page.
Previous and Next Arrows: Easily navigate between Dashboards from month-to-month or day-to-day (i.e. with Daily or Monthly Dashboards).
Date and Time Dashboard was Generated: You can also add additional Parameters via the Net Report Web Portal. When the Parameter is IGNORE this means that no information has been submitted or that no information is available.
Bookmarks: Easily view the Table of Contents for the Dashboard, easily navigate through the Dashboard at any Time via the Bookmarks tree structure in the left pane of the Dashboard.

13 Front Cover – Bookmarks
Bookmarks: Your Table of Contents
Importance: View the Bookmarks tab in the left pane of your *.pdf Dashboard to use the Table of Contents.
Tree Structure: Click the plus sign adjacent to the Report title you are interested in to expand the branches and access the Report.
Easy Navigation: Click the Report title you want, to go directly to the sub-report in the Dashboard.
Customized Parameters: You specify the Parameters you want in the Net Report Web Portal. For example, the Top n … you select whether you want the top 5, 10, 60, 100 and so on.
Note: This Presentation follows the tree structure in the Bookmarks tab to your left.

14 3. Glossary and Lexicon

15 Glossary (1) Log Definitions
Log Types
Application Log: Contains events logged by applications or programs.
Security Log: Records events such as valid and invalid logon attempts, as well as events related to resource use, such as creating, opening or deleting files or other objects. An administrator can specify what events are recorded in the security log. For example, if you have enabled logon auditing, attempts to log on to the system are recorded in the security log.
System Log: Contains events logged by Windows System components.

16 Glossary (2) Event Definitions
Event Types
The format and contents of the event description vary, depending on the event type. The description is often the most useful piece of information, indicating what happened or the significance of the events. The event logs record five types of events:
Error Event: A significant problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an Error will be logged.
Warning Event: An event that is not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a Warning event will be logged.
Information Event: An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an Information event will be logged.
Success Audit: An audited security access attempt that succeeds. For example, a user’s successful attempt to log on the system will be logged as a Success Audit event.
Failure Audit: An audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt will be logged as a Failure Audit event.

17 Glossary (3) Event ID Definitions
Universal Group: A security or distribution group that can contain users, groups, and computers from any domain in its enterprise as members. Universal security groups can be granted rights and permissions on resources in any domain in its enterprise.
Security Descriptor: A data structure that contains security information associated with a protected object. Security descriptors include information about who owns the object, who can access it and in what way, and what types of access are audited of members of administrative groups. Note: every 60 minutes on a domain controller a background thread searches all members of administrative groups (such as domain, enterprise and schema administrators) and applies a fixed security descriptor on them. This event is logged.
SECURITY_DISABLED: In the formal name, means that this group cannot be used to grant permissions in access checks.

18 Lexicon: Event ID Examples
624: A User Account was created.
625: A User Account Type Change.
626: User Account enabled.
627: A User Password was changed.
628: A User Password was set.
629: User Account disabled.
630: A User Account was deleted.
631: Security Enabled Global Group created.
632: A Member was added to a global group.
633: A Member was removed from a local group.
634: A Global Group was deleted.
635: Security Disabled Local Group created.
636: A Member was added to a local group.
637: A Member was removed from a local group.
638: A Local Group was deleted.
639: A Local Group account was changed.
640: General Account Database change.
641: A Global Group Account was changed.
642: A User Account was changed.
644: A User Account was auto-locked.
645: A Computer Account was created.
646: A Computer Account was changed.
647: A Computer Account was deleted.
648: A Local Security Group with Security Disabled was created.
649: A Local Security Group with Security Disabled was changed.
650: A Member was added to a Security-Disabled Local Security Group.
651: A Member was removed from a Security-disabled Local Security Group.
652: A Security-disabled Local Group was deleted.
653: A Security-disabled Global Group was created.
654: A Security-disabled Global Group was changed.
655: A Member was added to a Security-disabled Global Group.
656: A Member was removed from a Security-disabled Global Group.
657: A Security-Disabled Global Group was deleted.
658: A Security-Enabled Universal Group.
659: A Security-Enabled Universal Group was changed.
660: A Member was added to a Security-Enabled Universal Group.
661: A Member was removed from a Security-enabled Universal Group.
662: A Security-enabled Universal Group was deleted.
663: A Security-disabled Universal Group was created.
664: A Security-disabled Universal Group was changed.
665: A Member was added to a Security-Disabled Universal Group.
666: A Member was removed from a Security-disabled Universal Group.
667: A Security-disabled Universal Group was deleted.
668: A Group was changed.
684: Set the Security Descriptor.
685: Name of an Account was changed.

19 Contact us

20 Visit our Web site http://www.net-report.net

