Audit Logon Events

Keep track of logon and logoff events with a centralized logon audit events monitor

Optimize your Active Directory logon audit efficiency

Windows Active Directory (AD) is important for coordinating security group management across servers, but it doesn’t offer all the features admins need. Make sense of security log data more easily with SolarWinds® Security Event Manager (SEM). This logon audit tool allows admins to search for specific logon/logoff activity and monitor relevant event logs for unusual user account activity.

Logon data is central to identifying insider threats, since unusual logon events (and logoff events) can signal an anomaly in password-protected activity. With SEM, admins can view and change computer configurations within a centralized interface to better manage security settings for Active Directory, including Windows security settings and privileged access settings.

Use an intuitive interface to keep track of logon activity

Windows Active Directory is critical for configuring secure access to server data, but AD only goes so far in actively displaying and managing the activities of various users and groups. Admins need a straightforward interface to track user account settings and audit logon events.

SolarWinds SEM is built with an intuitive interface that includes searchable fields and interactive graphics, so you can filter and manage AD data more easily instead of spending time manually sifting through its contents. Easily view different categories of security activity, like object access, policy change, and logon data, and get the custom charts you need to help streamline security and compliance policy audits.

Help secure your server with privileged access management

Privileged access management is a crucial security strategy that involves monitoring logon and logoff events to help reveal when a user is accessing data improperly and potentially posing a business risk. Conducting logon audits can also help improve system security by providing better transparency into user access data.

With SEM, you can easily audit logon events in AD to flag unusual logons. Get insight into information like date, time, username, and activity. SolarWinds SEM also includes an alert feature that can notify you about suspicious logon and logoff events, complete with automated security responses to disable bad actors, so you can better mitigate and prevent potential cybersecurity breaches by detecting and addressing malicious activity early.

Report audit logon data in a variety of standardized formats

Compiling and sharing log data is a requirement for many industry-specific security log audits. If you need to demonstrate compliance with regulations like HIPAA, SOX, DISA STIG, or others, you’ll likely need to perform regular, thorough event log audits.

SolarWinds SEM is designed to help users audit logon events, so they can more easily demonstrate compliance with a wide range of standards. For logon audits, SEM has a number of useful out-of-the-box authentication reports that can list authentications tracked by SEM, such as user logon, logoff, failed logon attempts, guest logons, logons by monitored devices, and more.

With SEM, you can also easily schedule these built-in or customized reports to automatically run and send reports to the correct recipients.

Get More on Audit Logon Events
Do you find yourself asking…
  • What is a logon event?
  • How does a logon event audit work?
  • Why is auditing logon events important?
  • How do I audit account logon events in Security Event Manager?
  • What is a logon event?

    A logon (or logoff) event is an instance where a user logs in to (or out of) a server. This activity will show up in the event logs, allowing admins to audit account logon events and gain visibility into logon activity. Logon events are important to monitor for security purposes, since a logon event audit can be a primary way to detect a breach of password-protected systems by a cyberattacker.

  • How does a logon event audit work?

    A logon event audit consists of collecting and analyzing log data of user activity to create a report that highlights critical information about logon/logoff events.

    The starting point for auditing logon events is collecting the logon and logoff data, typically located in a directory service like Windows Active Directory (AD), where admins can configure security groups, manage privileged user information like logon credentials, and specify who can modify server data.

    Using security management software can help isolate user activity log data and observe activity relevant to specific security concerns, such as logon or logoff instances. Specifically, security information and event management (SIEM) software like SolarWinds SEM is built to monitor logon events in real time, compiling data and correlating trends to flag any unusual logon or pattern of logons and alert the central IT controller. If a logon event meets defined criteria, SEM is designed to be able to take immediate steps to protect the data and prevent additional user activity by disabling user accounts, logging off users, and blocking device IP addresses.

  • Why is auditing logon events important?

    Auditing logon events should be a central strategy of your server security management protocol. While most user logons signal ordinary use, some user activity can signal breaches of approved use. Additionally, many organizations grant certain privileged users greater access to sensitive data than others, so monitoring events for this user type is especially important. Users with greater access may be able to delete, modify, and even leak critical server data accidentally, and cyberattackers who gain these privileged user credentials through attacks like phishing can do the same with malicious intent.

    However, even the best-trained cybersecurity specialist may not always be able to detect unusual logon events with their own eyes. An effective logon audit often requires a program that can monitor all relevant components in real time and pick up on patterns or data discrepancies that may signal a security issue. To record logon event data in a reportable format, the SIEM software in SEM is built to support security data log auditing, since performing regular audits can help you keep track of security activity and demonstrate compliance.

  • How do I audit account logon events in Security Event Manager?

    SolarWinds Security Event Manager offers security log management designed to keep track of account logon events to help you identify activity that may signal an issue.

    To configure Windows audit policy for SEM, you first need to modify the policy using Group Policy at the domain controller and domain levels, so SEM can collect logs from your Windows system.

    To set the Windows audit policy, use Group Policy Object Editor or a similar application to define the default policy so it includes Success and Failure for audit process tracking. If your server doesn’t have Active Directory deployed, these policies can also be configured on the local machine.

    Once SolarWinds SEM is installed, you will be able to set your security audit log preferences to monitor a wide variety of security events—from logon events, to system events, to account management. After you’ve established your standards for monitoring logon events, SEM is built to provide industry-specific audit logs as well as live security alerts.
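
The "defined criteria" step described in the logon audit answer above, as an added Python sketch of the correlation logic; it is not SolarWinds code or SEM rule syntax. The event tuples are constructed sample data, and the thresholds and action names (`block_ip`, `disable_account`) are assumptions chosen to mirror the responses the page lists.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security log event IDs: 4624 = successful logon, 4625 = failed logon.
LOGON_OK, LOGON_FAIL = 4624, 4625

# Constructed sample events (time, event ID, account, source IP); not real log data.
SAMPLE_EVENTS = [
    ("2024-05-06 09:01:10", 4624, "alice", "10.0.0.15"),
    ("2024-05-06 09:20:00", 4625, "administrator", "203.0.113.9"),
    ("2024-05-06 09:20:05", 4625, "administrator", "203.0.113.9"),
    ("2024-05-06 09:20:10", 4625, "administrator", "203.0.113.9"),
    ("2024-05-06 09:20:15", 4625, "administrator", "203.0.113.9"),
    ("2024-05-06 09:20:20", 4625, "administrator", "203.0.113.9"),
    ("2024-05-06 09:20:31", 4624, "administrator", "203.0.113.9"),
    ("2024-05-06 09:30:00", 4625, "bob", "10.0.0.22"),
    ("2024-05-06 09:45:00", 4625, "bob", "10.0.0.22"),
    ("2024-05-06 09:45:20", 4624, "bob", "10.0.0.22"),
]

def audit_logons(events, max_failures=5, window=timedelta(minutes=2)):
    """Return (action, target, time) tuples for logon patterns that meet the criteria."""
    recent = defaultdict(deque)  # source IP -> timestamps of failures inside the window
    flagged = set()              # source IPs that already crossed the failure threshold
    actions = []
    for ts_text, event_id, user, ip in sorted(events):  # this timestamp format sorts as text
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        fails = recent[ip]
        while fails and ts - fails[0] > window:  # drop failures older than the window
            fails.popleft()
        if event_id == LOGON_FAIL:
            fails.append(ts)
            if len(fails) >= max_failures and ip not in flagged:
                flagged.add(ip)
                actions.append(("block_ip", ip, ts_text))
        elif event_id == LOGON_OK and ip in flagged:
            # A success right after a failure burst suggests the password was guessed.
            actions.append(("disable_account", user, ts_text))
    return actions

if __name__ == "__main__":
    for action in audit_logons(SAMPLE_EVENTS):
        print(action)
```

With the default thresholds, the burst against `administrator` triggers both responses, while `bob`'s two widely spaced failures followed by a success are treated as ordinary use.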


Monitor audit logon events with precision and ease

Security Event Manager

  • Keep track of logon data with an intuitive interface

  • Document audit logon events to demonstrate compliance

  • Detect unusual logon events and block them before it’s too late
