Windows Audit Settings Monitoring

Domotz allows users to audit policies available in Windows. You can monitor Windows Audit Settings using the custom script described on this page.

Windows's security audit policy settings provide broad security audit capabilities for client devices and servers.

The Domotz scripts use the WinRM protocol to access the Windows endpoint.

Windows audit settings script has been validated and tested on Windows 10 and Windows Server 2019 with PowerShell version 5.1.19041.2364.

You can find it in our examples library or customize it to fit your needs:

Integration Domotz + Windows Audit Settings

How to monitor Windows Audit Settings

Windows Audit Settings

By leveraging PowerShell commands, the Windows Audit Settings script enables Domotz users to monitor the following:

  • System (Security System Extension)
  • Logon/Logoff (Logon)
  • DS Access (Directory Service Replication)
  • Object Access (SAM)
  • Policy Change (Audit Policy Change)
  • Policy Change (Authentication Policy Change)
  • Policy Change (MPSSVC Rule-Level Policy Change)
  • Account Management (Computer Account Management)
  • Account Management (Security Group Management)
  • Account Management (User Account Management)
  • Ds Access (Directory Service Changes)

Full network visibility with ready-to-use scripts

Use the pre-configured scripts to monitor and manage network-connected devices, cloud services, and web applications. By using standard network protocols, the scripts will allow you to retrieve valuable data and execute actions on the monitored devices and services.

Build or customize scripts according to your network monitoring needs.

Additionally, you can apply customized alerts on scripts to be notified when a specific event occurs.

Windows Audit Settings Script additional notes

Windows Audit Settings

Check out some additional information about our Windows Audit Settings script:

  • The scripts use the WinRM protocol and PowerShell-based commands. As a result, proper configuration and credentials to access WinRM on the Windows endpoint are required before applying the script to the device in Domotz. You might check this KB article to see how to enable and configure WinRM for Domotz
  • Some security events will be triggered only if the corresponding audit setting in the Windows OS is enabled
  • The script comes with a suggested list of the audit settings you would like to monitor, but you can edit the filter object and customize the audit settings you would like to monitor. To see which audit settings you can monitor, please check out the commented filter object at the beginning of the driver code

Additional Resources:

Ready to get started with Domotz?

  • Powerful
  • Automated
  • Simple
  • Affordable
Start Your Free Trial

*no credit card required

Contact Sales