Complete Visibility of Windows Systems


Windows auditing is a mechanism for tracking events. Knowing when and where these events occurred and who triggered them can help when doing Windows network forensics. It can also be very helpful with detecting certain types of problems like improper rights assignments in the file system.
SGBox includes Windows auditing capabilities, to help organizations remain compliant with data protection requirements, identify potential threats  early, and help to reduce the risk of a data breach.

Windows File System Audit

A specific set of Dashboard, Correlation Rules and Reports to monitor Windows file Server operation and show a who/where/when picture of what is going-on on your file servers.

Several predefined events are constantly monitored to collect files and folders operations like creation, deletion, change and read.
Predefined Correlation Rules set will warn about main suspicious activities on files and folder.
Predefined Reports can be scheduled to be always ready for any need and keep an historical trace of files and folders operation.

Windows Audit

A rich set of Dashboard, Correlation Rules and Reports, based on the log sent by Domain Controllers, Servers and workstation that will show a complete picture of all the meaningful activities on windows devices and map custom events.

Moreover, is it possible both to map custom events and create custom Dashboards, Correlation Rules and Reports.

Advanced Windows Audit

It is possible to collect in deep information about Windows machines operation such as process monitoring, registry operation, DNS queries, network connections and much more.

This capability is very useful to monitor critical servers operation and spot specific issue or suspicious activities related to the specific server functions. For example is it possible to be warned when a critical process ends or if a specific registry key is created, changed or deleted.

Predefined Monitor Events

Pre-configured Reports

Predefined Dashboards