Windows Security Template
Quickly unlock insights and gain visibility into your Windows server with Mezmo Views, Boards, and Screens templates. Interested in other templates? Browse the full library of Mezmo Templates.


What is the Mezmo Windows Security Template?
The Windows Security Template allows you to quickly gain insights into excessive login attempts, audits on cleared logs, or anomalous access patterns. Set up alerts to monitor when unexpected events happen or use our dashboards to get constant visibility into the access patterns of your servers.
Prerequisites
The Windows Security Template requires NXLog to be set up to collect security event logs. Simply uncomment the
<Select Path='Security'>*</Select>
line in your NXLog config file and restart NXLog to apply changes. See here for more information about our NXLog integration. The Windows Security Template will not work with other integrations such as FluentD.


Included in the Windows Security Template
Views
- 1102 / Audit log cleared (Recommended to Alert On)
- 4616 / System time was changed
- 4624 / Successful account log on
- 4625 / An account failed to log on
- 4634 / An account logged off
- 4720 / User account created
- 4725 / Disabled account
- 4740 / Locked account
- 4946 / Firewall exception added
- 5025 / Windows Firewall stopped (Recommended to Alert On)
Boards
- Windows Server Activity
- Events Count by Channel
- Failed Logins
- Successful Logins
Screens
- Security log events daily and weekly trends
- Distribution of log events by event id
- Distribution of log on events by user name
- Total successful and failed authentications per week
- Total log events per week
Have any feedback or thoughts on our Template Library? Join our forum and let us know!
Updated about 1 month ago