App - Windows

 

Name: Microsoft Windows

Versions: N/A

Type: Operating System

Logtypes: windows, application, security, system

Before deploying the Windows App, prepare the log data as described on the following page: Preparing Windows Event Logs Data.

Deploying the App

  1. Deploy the Microsoft Windows App, which is available in the XpoLog Windows setup or as an App package from the XpoLog website.

  2. Once the App is successfully deployed, all logs tagged with the logtypes windows, application, security, system are included in the App by default. To change that, edit the App and specify which logs to include or exclude.

Open and Use the App

  1. Click on the deployed App.

  2. When the App opens, you will see a list of available predefined dashboards. Each dashboard contains a set of visualization widgets, rules and searches that analyze the Microsoft Windows event logs.

Windows Dashboards and Widgets

The Windows application contains a set of dashboards:

  • Overview - a general overview of the Windows environment including required restarts, update errors, policy changes, etc.

  • Events Viewer - a console for viewing events from selected servers/domains/logs.

  • Events Statistics - general statistics of top used sources, categories, types and event codes.

  • Audit - a high-level analysis of top applications, sources, user operations, events, etc.

  • Trends - logging activity of servers and logs over time, last 1 day vs. last 7 days.

  • Users Overview - a review of user activity such as logons over time, top user operations report, logons vs. logoffs, etc.

  • Application Installs - a report of total installed applications, failed and successful.

  • Application Crashes - a report of application crashes by event/host.

Use the user inputs while viewing a dashboard to filter the view to the desired values such as servers, domains, accounts, etc.