Windows Monitoring

Overview

The Windows Monitoring app is used to collect and visualize detailed system statistics from Windows systems. It allows you to analyze Windows events, users, and machines.

Installation

The app can be installed from Exchange, Devo's marketplace for apps. Once installed, it appears on the navigation panel under the Applications section.

This application requires your domain to have the following table and data source:

  • box.win 

After the app has been installed, go to Roles Management, which you reach from the Navigation Menu by clicking Administration > Roles. In Roles Management, select the role that will use the application, then click the Applications tab. Select Windows Monitoring and move it to the right. Click Save.

You will need to log out using the logout option at the bottom of the navigation menu and then sign back in.

Do you need others to see this information as well? Activating the app will give access to all users in the domain, so you do not need to worry about this.

Graphs and data presentation widgets

Windows Monitoring is a board, with different widgets containing graphs or data about Windows users and systems. It is similar in appearance to an Activeboard. The widgets are predefined and cannot be changed. 

All the data you need from Windows systems are presented in a series of widgets. They automatically generate content using data from the box.win table, where data from your Windows machines is stored when provided to Devo.

Settings

There is a gear icon at the top right side of Windows Monitoring. It opens the settings window that allows you to configure the date range of the data used to render the widgets.

Categories of data

The information is categorized by type and includes the analysis of Windows events for authentication, systems, and security, thus covering both user behavior and system status use cases.

There are several views, each located on its own tab, that group related widgets. For example:

  • Overview

  • Authentication

  • System 

  • Security

The Overview tab contains selections of all the widgets.

With Windows Monitoring it is possible to analyze:

  • Services installed

  • Objects deleted

  • Successful logins

  • EventID log

  • Logins per day

  • Executed processes

  • Applications installed

  • Applications removed

  • System Log

  • Failed logins

and many more.

Authentication view

The Authentication tab contains widgets such as:

  • Successful Logins

  • Logins per day from public IPs by username

  • Successful logins

System view

The System tab contains widgets such as:

  • Executed processes

  • Services installed

  • System logs

Security view

The Security tab contains widgets such as:

  • Applications installed

  • Applications removed

  • Applications install attempts

  • Applications removal success

  • Objects deleted

  • Access to removable objects