Net Report WMI Dashboard Summary

Presentation Transcript


  1. Net Report WMI Dashboard Summary Fourth Quarter 2005

  2. Table of Contents
     1. WMI Dashboard Concept
     2. WMI Dashboard Structure and Navigation
     3. Glossary and Lexicon
     www.net-report.net

  3. 1. WMI Dashboard Concept

  4. WMI and Net Report
     Windows Management Instrumentation (WMI): “.. an API in the Windows OS enabling devices and systems in a network, (i.e. enterprise networks) to be managed and controlled, setting information on workstations, applications and networks…”
     Net Report WMI Dashboards:
     • Analyze and report on Microsoft (Windows 2000, NT, 2003, XP) Event Viewer Logs 24/7:
       • Application Logs.
       • Security Logs.
       • System Logs.
     • Increase visibility on your enterprise’s applications, security and systems in real time.

  5. Net Report Event Viewer Log Analysis
     • Focus on Potential Security Threats: Your Enterprise’s Application, Security & System risks in real time.
     • Check Security Policies are Respected & Appropriate: Track User Trends 24/7, follow suspicious out-of-hours activity.
     • Ensure Data Confidentiality, Integrity & Availability: Benefit from Net Report auto-audit options.
     • Economize your Enterprise Management Costs & TCO: Benefit from our Centralized Business Intelligence Solution.
     • Benefit from Versatile Drill-down Features: Use the Net Report Filter to drill down to the exact data you need. To save you wading through reams of log data, we highlight the important information!

  6. Net Report Dashboard Concept
     Consolidated Dashboards
     • Net Report interprets and presents your Event log data Statistics in easy-to-read, categorized, graphical Dashboards.
     Customized Dashboards
     • Dashboards generated with the Parameters you entered in the Net Report Web Portal.
     • Add your company logos.
     Chronologically Interlinked Dashboards
     • Dynamic Previous and Next arrows enable you to navigate between reports from different days, months and years.
     Versatile Drill-down
     • Intuitive drill-down to the information you need.

  7. Net Report WMI Dashboard Example
     • General WMI Statistics for all three Logs: Application, Security and System Logs.
     • Graphs of Events by Hour of the Day.
     • Top n Log Activity per User.
     • Number of Security Events by Category.
     • Top Failed Logons.
     • Detailed Tracking: Most Active File/Directory user, most accessed File/Directory.

  8. 2. WMI Dashboard Structure and Navigation

  9. Three Major Sections (Net Report WMI Dashboards)
     • 1. General WMI Three-Log Activity Statistics
       • What is the number of specific event types logged (in the Application, Security and System Logs) by hour for my organization?
       • Who is clearing their Security Audit Log?
       • What Log Activity Events are logged by my Enterprise?
     • 2. Security Log Event Statistics
       • What are the Successful/Failure Logon/Logoff Event Figures for my enterprise? Is there any Suspicious Out-of-hours Activity?
       • Is my Enterprise a victim of Privilege Escalation? Is the Security Privilege Use Policy appropriate?
       • Who is changing Security Policy within my Enterprise?
       • Who is making Account changes – do they have Admin rights?
     • 3. File/Directory Access Statistics
       • Who accesses Files/Directories the most often?
       • What Files/Directories do they access the most?
       • Is my Corporate Data Security Policy Effective?

  10. Get the Info you Need: Bookmarks
      1. General WMI Three-Log Activity Statistics
      2. Security Log Event Statistics
      3. File/Directory Access Statistics

  11. Front Page Hyperlinks
      [Figure: front-page items labelled with the section they link to: 1. General Three-Log Activity Statistics, 2. Security Log Event Statistics, 3. File/Directory Access Statistics]

  12. Front Cover – Interactive Features
      [Figure callouts: Dashboard Home Link via the WMI Icon; Bookmarks; Previous and Next Arrows; Date and Time Dashboard was Generated; Net Report Web Site and Page Numbers]
      Key Points:
      • Hyperlinks: Each Table, Graph, Diagram and label is hyperlinked to the relevant point in the Dashboard Report (“Dashboard”). Simply click the Table, Graph or part of the Diagram you are interested in to go to the detailed breakdown in the Dashboard.
      • Dashboard Home Link via the WMI Icon: Click the WMI icon in the top right corner on any page to return to the Dashboard home page.
      • Previous and Next Arrows: Easily navigate between Dashboards from month-to-month or day-to-day (i.e. with Daily or Monthly Dashboards).
      • Date and Time Dashboard was Generated: You can also add additional Parameters via the Net Report Web Portal. When the Parameter is GNORE this means that no information has been submitted or that no information is available.
      • Bookmarks: Easily view the Table of Contents for the Dashboard and navigate through the Dashboard at any time via the Bookmarks tree structure in the left pane of the Dashboard.

  13. Front Cover – Bookmarks
      • Bookmarks: Your Table of Contents
      • Importance: View the Bookmarks tab in the left pane of your *.pdf Dashboard to use the Table of Contents.
      • Tree Structure: Click the plus sign adjacent to the Report title you are interested in to expand the branches and access the Report.
      • Easy Navigation: Click the Report title you want to go directly to the sub-report in the Dashboard.
      • Customized Parameters: You specify the Parameters you want in the Net Report Web Portal. For example, the Top n … you select whether you want the top 5, 10, 60, 100 and so on.
      • Note: This Presentation follows the tree structure in the Bookmarks tab to your left.

  14. 3. Glossary and Lexicon

  15. Glossary (1) Log Definitions: Log Types
      • Application Log: Contains events logged by applications or programs.
      • Security Log: Records events such as valid and invalid logon attempts, as well as events related to resource use, such as creating, opening or deleting files or other objects. An administrator can specify what events are recorded in the security log. For example, if you have enabled logon auditing, attempts to log on to the system are recorded in the security log.
      • System Log: Contains events logged by Windows System components.

  16. Glossary (2) Event Definitions: Event Types
      • The format and contents of the event description vary, depending on the event type. The description is often the most useful piece of information, indicating what happened or the significance of the events. The event logs record five types of events:
        • Error Event: A significant problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an Error will be logged.
        • Warning Event: An event that is not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a Warning event will be logged.
        • Information Event: An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an Information event will be logged.
        • Success Audit: An audited security access attempt that succeeds. For example, a user’s successful attempt to log on the system will be logged as a Success Audit event.
        • Failure Audit: An audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt will be logged as a Failure Audit event.

  17. Glossary (3) Event ID Definitions
      • Universal Group: A security or distribution group that can contain users, groups, and computers from any domain in its enterprise as members. Universal security groups can be granted rights and permissions on resources in any domain in its enterprise.
      • Security Descriptor: A data structure that contains security information associated with a protected object. Security descriptors include information about who owns the object, who can access it and in what way, and what types of access are audited of members of administrative groups. Note: every 60 minutes on a domain controller a background thread searches all members of administrative groups (such as domain, enterprise and schema administrators) and applies a fixed security descriptor on them. This event is logged.
      • SECURITY_DISABLED: In the formal name, means that this group cannot be used to grant permissions in access checks.

  18. Lexicon: Event ID Examples
      • 624: A User Account was created.
      • 625: A User Account Type Change.
      • 626: User Account enabled.
      • 627: A User Password was changed.
      • 628: A User Password was set.
      • 629: User Account disabled.
      • 630: A User Account was deleted.
      • 631: Security Enabled Global Group created.
      • 632: A Member was added to a global group.
      • 633: A Member was removed from a local group.
      • 634: A Global Group was deleted.
      • 635: Security Disabled Local Group created.
      • 636: A Member was added to a local group.
      • 637: A Member was removed from a local group.
      • 638: A Local Group was deleted.
      • 639: A Local Group account was changed.
      • 640: General Account Database change.
      • 641: A Global Group Account was changed.
      • 642: A User Account was changed.
      • 644: A User Account was auto-locked.
      • 645: A Computer Account was created.
      • 646: A Computer Account was changed.
      • 647: A Computer Account was deleted.
      • 648: A Local Security Group with Security Disabled was created.
      • 649: A Local Security Group with Security Disabled was changed.
      • 650: A Member was added to a Security-Disabled Local Security Group.
      • 651: A Member was removed from a Security-disabled Local Security Group.
      • 652: A Security-disabled Local Group was deleted.
      • 653: A Security-disabled Global Group was created.
      • 654: A Security-disabled Global Group was changed.
      • 655: A Member was added to a Security-disabled Global Group.
      • 656: A Member was removed from a Security-disabled Global Group.
      • 657: A Security-Disabled Global Group was deleted.
      • 658: A Security-Enabled Universal Group.
      • 659: A Security-Enabled Universal Group was changed.
      • 660: A Member was added to a Security-Enabled Universal Group.
      • 661: A Member was removed from a Security-enabled Universal Group.
      • 662: A Security-enabled Universal Group was deleted.
      • 663: A Security-disabled Universal Group was created.
      • 664: A Security-disabled Universal Group was changed.
      • 665: A Member was added to a Security-Disabled Universal Group.
      • 666: A Member was removed from a Security-disabled Universal Group.
      • 667: A Security-disabled Universal Group was deleted.
      • 668: A Group was changed.
      • 684: Set the Security Descriptor.
      • 685: Name of an Account was changed.

  19. Contact us: sales@netreport.fr

  20. Visit our Web site: http://www.net-report.net