Cool RK Tools: The CyberSafe Security Analyst

By ServerWatch Staff
Posted Aug 29, 2000


Thomas Shinder

This morning I got up early and found myself looking for things to do in order to avoid the things I was supposed to be doing. In the process, I found myself rooting around in the Windows 2000 Server Resource Kit Help file, looking for Cool Tools worth trying out. It didn't take long before I hit upon a real gem.

The CyberSafe Log Analyst

The Windows 2000 Server Resource Kit includes a tool called CyberSafe Log Analyst. This tool is an MMC Snap-in that helps you make sense out of your security log. Part of our daily routine is to check the security logs on all the servers. This can sometimes be a harrowing experience, because the chronological method of displaying information in the Event Log isn't the easiest way to turn data into information.

The CyberSafe Log Analyst can bring some order to your Security Log. It will take the contents of the Security Log and automatically create a series of reports that brings the data into sharper focus.

CyberSafe Log Analyst Reports

The reports that the CyberSafe Log Analyst provides are:

Activity by Target
This report shows activity across the enterprise grouped by target

Activity by User
This report shows activity across the enterprise grouped by User

Enterprise Activity Summary
This report shows a summary of all activities across the enterprise

Enterprise Failed Login Activity
This report shows failed logins across the enterprise grouped by target

Enterprise Object Browsing by Target
This report shows enterprise object browsing by Target

Enterprise Object Browsing by User
This report shows enterprise object browsing by User

Enterprise Object Browsing by User & Target
This report shows enterprise object browsing by User & Target

Enterprise Virus Activity
This report shows points of potential virus activity grouped by target

Login Summary Report
This report shows login activity across the enterprise

Target Statistics
This report shows per-hour activity across the enterprise listed by Target

User Statistics
This report shows per-hour activity across the enterprise listed by User

Activity Signatures Search Out Suspicious Activity

The program scans the Security Log looking for matches in its activity signatures database. These activity signatures are events or series of events that are considered suspicious and possibly indicative of computer misuse or abuse. The help file in the program includes a detailed list and explanation of the activity signatures that the Log Analyst looks for.
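To make the grouping and signature ideas concrete, here is an added example (not CyberSafe's code and not taken from its signature database) that builds a failed-login-by-target report, a per-hour-by-user report, and one simple "series of events" check from Security Log records. The CSV layout, the sample rows, and the burst threshold are assumptions; 528 and 529 are the Windows 2000 event IDs for a successful and a failed logon.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample rows (not real log data): time, event ID, user, target.
# On Windows 2000, 528 = successful logon, 529 = failed logon (bad name/password).
SAMPLE = """\
2000-08-29 08:01:10,529,jsmith,FILESRV1
2000-08-29 08:01:25,529,jsmith,FILESRV1
2000-08-29 08:01:41,529,jsmith,FILESRV1
2000-08-29 08:02:05,529,jsmith,FILESRV1
2000-08-29 08:02:30,528,jsmith,FILESRV1
2000-08-29 09:15:00,529,akhan,MAILSRV1
2000-08-29 13:30:00,529,akhan,FILESRV1
"""

FAILED_LOGON = "529"

def load(text):
    """Parse the CSV text into (timestamp, event_id, user, target) tuples."""
    rows = csv.reader(io.StringIO(text))
    return [(datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), eid, user, target)
            for t, eid, user, target in rows]

def failed_by_target(events):
    """Failed logons grouped by target computer."""
    return Counter(target for _, eid, _, target in events if eid == FAILED_LOGON)

def per_hour_by_user(events):
    """Event counts per (user, hour of day)."""
    return Counter((user, ts.hour) for ts, _, user, _ in events)

def failure_bursts(events, threshold=4, window=timedelta(minutes=5)):
    """Flag (user, target) pairs with at least `threshold` failures in `window`."""
    times = defaultdict(list)
    for ts, eid, user, target in sorted(events):
        if eid == FAILED_LOGON:
            times[(user, target)].append(ts)
    flagged = set()
    for key, stamps in times.items():
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged.add(key)
    return flagged

if __name__ == "__main__":
    for report in (failed_by_target, per_hour_by_user, failure_bursts):
        print(report.__name__, report(load(SAMPLE)))
```

A single failure per target, like the two akhan rows, shows up in the grouped counts but does not trip the burst check; only the run of four failures in under a minute does.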

The reports look like typical out-of-the-box Microsoft Access reports, and I believe it's the same report-generating engine. Take a look at one of these reports below:

If you're stressing out over your daily security log overviews, I'm sure you'll agree that the CyberSafe Log Analyst will come in very handy!

Where the Heck is it?

The CyberSafe Security Analyst is not installed when you install the Windows 2000 Server Resource Kit tools. To install the program, search the Resource Kit CD for the \apps\loganalyst directory and run the setup program from there.

For More Information

For more information about the CyberSafe Log Analyst, read the Help File for the program after you have it installed.
