RE: Windows event auditing and reporting

["Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>]

Hi rs
Take a look at InterSect Alliance's Snare (client and server)

-----Original Message-----
From: rs
Sent: Monday, April 03, 2006 1:32 PM
To: security-basics () securityfocus com
Subject: Windows event auditing and reporting

Can anyone recommend a good tool that will alert and report on Windows 
Event logs, especially DC logs for events such as New user accounts, 
changed user accounts, deleted user accounts, locked user accounts, 
failed login attempts, expired passwords, dormant accounts, etc. We have

looked at both S.E.L.M from GFI (Reporting wasn't great) and Active 
Administrator from ScriptLogic (Reporting was great but event criteria 
was not customizable and it offers a ton of nice features that we don't 
necessarily need but would be paying for.) . Just wanted to see if there

was anything else out there that someone could recommend?

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------