A port scan that is initiated from a monitored host can be detected by monitoring Windows Filtering Platform event ID 5156 (https://system32.eventsentry.com/security/event/5156) and applying a threshold filter. Sysmon cannot be used to detect port scans since it only logs successfully established connections. 1. Enable auditing to ensure that ...

KB-ID 508
Category: Security
Applies to: 5.1.1 and later

EventSentry can retrieve various device information such as disk space and performance metrics via SNMP. This guide shows how to correctly configure and add a device to be monitored via SNMP. 1. Check/Enable/Configure Device to use SNMP 2. GUI: Adding devices 3. Verifying SNMP configuration 4. Viewing information in the web reports 5. ...

KB-ID 451
Category: Network Monitoring
Applies to: 3.1 and later

By monitoring 4688 events from the security event log and filtering on the process file size, EventSentry can notify you if a large or small executable was launched. 1. Ensure that 4688 events (https://system32.eventsentry.com/security/event/4688) are being logged to the event log. See the link for more information on auditing requirements...

KB-ID 506
Category: Security
Applies to: 5.1.1.82 and later

By monitoring 4688 events from the security event log and filtering on the process file size, EventSentry can notify you if an unsigned executable (a file without a digital signature) was launched. 1. Ensure that 4688 events (https://system32.eventsentry.com/security/event/4688) are being logged to the event log. See the link for more inform...

KB-ID 507
Category: Security
Applies to: 5.1.1.82 and later