PingSentry | Blog | System32 | GitHub | Free tools

Validation Scripts

Real-time alerts, dashboards & structured search analysis

Image Description

Establish best practices across your infrastructure

Free 30-day evaluation

Out-of-the-box security controls

Simplified compliance

CMMC v2.0 Compliance STIG

NIST 800-171 Servers Desktops

EventSentry Validation Scripts

Flexible Dashboards

Help you keep an eye on important metrics to ensure you stay up to date.

Reporting

Includes ready-to-run reports that can be scheduled, emailed or run on-demand.

Full SIEM

EventSentry includes log, FIM, AD & network traffic monitoring - in one single product.

Security

Alert on suspicious processes, malicious network activity, port scans and more.

Validation

Validate security settings across your entire Windows network against required and recommended settings.

Health / Inventory

EventSentry also offers a complete software, hardware inventory along with health monitoring.

"In a day and age where everything has a maintenance agreement, this is one of the few that stand out as being genuinely worthwhile. The technician support is fantastic, the updates are regular and timely, and the product works like it is supposed to." >> READ MORE

Jamie H. (Director of IS&T, HIPAA Security Officer, PrimeWest Health)

"EventSentry’s multifaceted feature set has helped NMFTA predict and avoid Windows Server® crashes, Microsoft® SQL Server® failures, configuration problems in its VMware® environment, and malicious attacks against workstations and servers." >> READ MORE

Urban Jonson (CTO of NMFTA)

Perpetual License

You own the license

No Data Limit

Avoid unexpected costs

No Sensor Limit

Full visibility of your network

Your metrics at a glance

Built-in dashboards:

Active Directory Changes
Network Traffic / Bandwidth
Heartbeat / Availability
Server Health
Performance

Easily create your own dashboards

Normalized Security Events

EventSentry translates complex security events into easy to understand, actionable reports.

Logon Failures

Affordable Event Log Monitoring Software

1

Start an evaluation

FREE fully functional for 30-days
2

Install EventSentry

Quick installation / Monitor in minutes
3

Monitor your infrastructure

Peace of mind included

Complete list of Validation Scripts

Accounts: Administrator accounts must not be enumerated during elevation

Accounts: Automatic logons must be disabled

Accounts: Block Microsoft accounts

Accounts: Built-in Administrator account must be renamed

Accounts: Built-in Guest account must be renamed

Accounts: Deny log on locally user right must be configured to prevent access from highly privileged domain accounts

Accounts: Local accounts with blank passwords must be restricted to prevent access from the network

Accounts: Local Admin accounts must have their privileged token filtered to prevent elevated privileges used over the network

Accounts: Local Administrator account should be disabled

Accounts: Local Guest account should be disabled

Accounts: must be configured to enable Remote host allows delegation of non-exportable credentials

Accounts: must disable automatically signing in the last interactive user after a system-initiated restart

Accounts: Must require passwords

Accounts: User Account Control approval mode for the built-in Administrator must be enabled

Accounts: User Account Control must automatically deny standard user requests for elevation

Accounts: User Account Control must be configured to detect application installations and prompt for elevation

Accounts: User Account Control must run all administrators in Admin Approval Mode, enabling UAC

Accounts: User Account Control must virtualize file and registry write failures to per-user locations

Accounts: Users must be prompted to authenticate when the system wakes from sleep (on battery)

Accounts: Users must be prompted to authenticate when the system wakes from sleep (plugged in)

Accounts: Users must be required to enter a password to access private keys stored on the computer

Attack Surface: Disable LLMNR

Attack Surface: Disable WinRM (Windows Remote Management)

Auditing: Command line data must be included in process creation events

Auditing: Event Log / Viewer must be protected from unauthorized modification and deletion

Auditing: Event Log size for Application log must be at least 32768 KB

Auditing: Event Log size for Security log must be at least 196608 KB

Auditing: Event Log size for System log must be at least 32768 KB

Auditing: Must force audit policy subcategory settings to override audit policy category settings

Auditing: Policy subcategories should be enabled

Auditing: Removable Storage

Autoplay: Autoplay Must be turned off for non-volume devices

Autoplay: should be disabled for all drives

Autorun: behavior must be configured to prevent Autorun commands

Compliance: BitLocker should be configured in FIPS mode

Compliance: BitLocker should use AES 256 encryption

Credentials: WDigest Authentication must be disabled

Debug programs: user right must only be assigned to the Administrators group

Directory Size: WinSxs\Temp\PendingDeletes

Domain Controller: Health - DCDiag - Errors

Domain Controller: Health - DCDiag - Warnings and Errors

Domain Controller: IPv6 Should be enabled

Domain Controller: Must be configured to allow reset of machine account passwords

Domain Controller: Must require LDAP access signing

Domain Controller: Permissions on the Active Directory data files must only allow System and Administrators access

Domain Controller: SYSVOL directory must have proper access control permissions

Domain Controller: The password for the krbtgt account on a domain must be reset at least every 180 days

Domain Controllers: Accounts: Deny log on locally user right must be configured to prevent access from highly privileged domain accounts

Domain Member: Must be running Credential Guard on domain-joined members

Domain Member: Caching of logon credentials must be limited

Domain Member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled

Domain Member: Digitally encrypt secure channel data (when possible) must be configured to enabled

Domain Member: Digitally sign secure channel data (when possible) must be configured to Enabled

Domain Member: Group policy objects must be reprocessed even if they have not changed

Domain Member: Hardened UNC paths must require mutual authentication and integrity for at least \\*\SYSVOL and \\*\NETLOGON shares

Domain Member: LDAP client signing requirements

Domain Member: local users on domain-joined member servers must not be enumerated

Domain Member: Maximum age for machine account passwords must be configured to 30 days or less

Domain Member: Windows Server must limit the caching of logon credentials to four or less

Exchange Server: Build Version Check (Exchange Updated)

File System: Back up files and directories user right must only be assigned to the Administrators group

File System: File Explorer shell protocol must run in protected mode

File System: Windows must prevent Indexing of encrypted files

FIPS 140: Security Requirements for Cryptographic Modules

General: AntiVirus/Antimalware Status

General: Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers identified as bad

General: Machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver

General: Printing over HTTP must be turned off

General: Solicited Remote Assistance must not be allowed

General: Windows Defender SmartScreen must be enabled (Desktop)

General: Windows Defender SmartScreen must be enabled (Server)

General: Windows firewall status

General: Windows must prevent the display of slide shows on the lock screen

Info: Check Windows 11 Upgrade Readiness

Internet Browser: Attachments must be prevented from being downloaded from RSS feeds

Internet Browser: Basic authentication for RSS feeds over HTTP must not be used

Internet Browser: Check digital signature of executables

Internet Browser: Software must be disallowed to run or install with invalid signatures

Internet Information System (IIS) or its subcomponents must not be installed on a workstation

Local volumes must be formatted with NTFS

Logon: Enable Display Last Logon Info

Logon: Network selection UI must not be displayed

Logon: Require CTRL+ALT+DEL for interactive logons

Logon: Required legal notice must be configured to display before console logon

Microsoft Edge: SmartScreen filter must be enabled

Microsoft Edge: Users must not be allowed to ignore SmartScreen filter warnings for unverified files

Microsoft Office: Application Guard for Office should be enabled

Microsoft Office: Check Activation Status

Network Access: Disable SMBv1

Network Access: Do not allow anonymous enumeration of SAM accounts and shares

Network Access: Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites

Network Access: LAN Manager authentication level must be configured to send NTLMv2 response only and refuse LM and NTLM

Network Access: Microsoft network Client: Digitally sign communications (always) must be configured to Enabled

Network Access: Microsoft network Client: Digitally sign communications (if server agrees) must be configured to Enabled

Network Access: Microsoft network Server: Digitally sign communications (always) must be configured to Enabled

Network Access: Microsoft network Server: Digitally sign communications (if client agrees) must be configured to Enabled

Network Access: Must be configured to prevent anonymous users from having the same permissions as the Everyone group

Network Access: Must prevent NTLM from falling back to a Null session

Network Access: Restrict anonymous access to Named Pipes and Shares

Network Access: Restrict remote calls to the Security Account Manager [SAM] to Administrators

Network Access: Services using Local System when reverting to NTLM authentication must use computer identity

Network Access: Session security for NTLM SSP-based clients must require NTLMv2 session security and 128-bit encryption

Network Access: Session security for NTLM SSP-based servers must require NTLMv2 session security and 128-bit encryption

Network Access: Setting Microsoft network server: Digitally sign communications (if client agrees) must be Enabled

Network Access: Unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers

Network: Internet Protocol version 6 (IPv6) source routing must use highest protection level to prevent IP source routing

Network: Simple TCP/IP Services must not be installed on the system

Passwords: Enforce history

Passwords: Maximum Age

Passwords: Minimum length

Passwords: Minimum Password Age

Passwords: Storing LAN Manager hash

PowerShell: Script block logging must be enabled

PowerShell: v2 should not be installed / enabled

Printing: Prevent users from installing printer drivers

Privacy: Application Compatibility Program Inventory must not collect and send data to Microsoft

Privacy: Windows location services should be disabled

Privacy: Windows Telemetry Should Be Disabled

Remote Desktop Services: Idle session time limit

Remote Desktop Services: Must always prompt a client for passwords upon connection

Remote Desktop Services: Must be configured to set a time limit for disconnected sessions (Server 2012)

Remote Desktop Services: Must be configured with the client connection encryption set to High Level

Remote Desktop Services: Must not save passwords in the Remote Desktop Client

Remote Desktop Services: Must prevent drive redirection

Remote Desktop Services: Must require secure Remote Procedure Call (RPC) communications

Remote Management: Unauthenticated RPC clients must be restricted from connecting to the RPC server

Remote Management: Windows Remote Management (WinRM) client must not allow unencrypted traffic

Remote Management: Windows Remote Management (WinRM) client must not use Basic authentication

Remote Management: Windows Remote Management (WinRM) client must not use Digest authentication

Services: List services containing a space in service path not enclosed in quotes

Shutdown: Clear virtual memory pagefile

Threat Intel: Confluence Security Advisory 2022-06-02 - CVE-2022-26134 - Critical

Threat Intel: Log4j Remote Code Execution - CVE-2021-44228/CVE-2021-45046

Threat Intel: Microsoft Support Diagnostic Tool Vulnerability CVE-2022-30190

Threat Intel: PetitPotam Certificate Enrollment Web Service on Domain Controller

Threat Intel: PetitPotam NTLM Relay Attack: Disable NTLM Incoming Traffic on DCs

TLS/SSL Insecure Ciphers (SCHANNEL)

Tracking: The location feature must be turned off

Tracking: Windows Telemetry must not be set to Full

Virtualization: Hyper-V: Virtual Disks Folder Free Space Under 2GB

Virtualization: VirtualBox Tools Installed

Virtualization: VMWare Tools Installed

Windows Installer: Disable "Always install with elevated privileges" option

Windows Installer: Must prevent users from changing installation options

Windows Installer: Users must be notified if a web-based program attempts to install software

Windows OS: Build Version Check (End Of Life)

Windows OS: Build Version Check (OS Updated)

Windows OS: Data Execution Prevention (DEP) must be configured to at least OptOut

Windows OS: Must have the DoD Root Certificate Authority (CA) certificates installed in the Trusted Root Store

Windows OS: Must not have the Fax Server role installed

Windows OS: Must not have the Microsoft FTP service installed

Windows OS: Must not have the Peer Name Resolution Protocol installed

Windows OS: Must not have the Telnet Client Installed

Windows OS: Must not have the TFTP Client Installed

Windows OS: Secure Boot must be enabled

Windows OS: Virtualization-based security must be enabled with platform security level set to Secure Boot

Windows OS: Windows Activation Status

We now include 157 validation scripts out of the box!