Windows Audit Settings Monitoring

By leveraging PowerShell commands, the Windows Audit Settings script enables Domotz users to monitor the following:

• System (Security System Extension)
• Logon/Logoff (Logon)
• DS Access (Directory Service Replication)
• Object Access (SAM)
• Policy Change (Audit Policy Change)
• Policy Change (Authentication Policy Change)
• Policy Change (MPSSVC Rule-Level Policy Change)
• Account Management (Computer Account Management)
• Account Management (Security Group Management)
• Account Management (User Account Management)
• Ds Access (Directory Service Changes)

Use the pre-configured scripts to monitor and manage network-connected devices, cloud services, and web applications. By using standard network protocols, the scripts will allow you to retrieve valuable data and execute actions on the monitored devices and services.

Build or customize scripts according to your network monitoring needs.

Additionally, you can apply customized alerts on scripts to be notified when a specific event occurs.

Check out some additional information about our Windows Audit Settings script:

• The scripts use the WinRM protocol and PowerShell-based commands. As a result, proper configuration and credentials to access WinRM on the Windows endpoint are required before applying the script to the device in Domotz. You might check this KB article to see how to enable and configure WinRM for Domotz
• Some security events will be triggered only if the corresponding audit setting in the Windows OS is enabled
• The script comes with a suggested list of the audit settings you would like to monitor, but you can edit the filter object and customize the audit settings you would like to monitor. To see which audit settings you can monitor, please check out the commented filter object at the beginning of the driver code