Windows Monitoring Feature Overview


System Requirements

  • Windows 2012 R2
  • Minimum of 2 vCPUs / 4 GB RAM

See the Supported Operating Systems and Kernels article for more information.

Threat Stack provides the ability to monitor Windows instances, hosted in the cloud or on-premises.

Monitoring Windows instances with Threat Stack achieves similar levels of visibility to Linux host monitoring, and can help you achieve:

  • Compliance for Windows environments
  • The ability to cover a hybrid OS environment of Linux and Windows servers, or an all-Windows environment

Supported Features

Windows Monitoring supports the following features:

Host Intrusion Detection
Includes user, process, and network activity. You can use this information to create alerts on abnormal user, process, and network behavior.
File Integrity Monitoring
Critical file activities that can trigger alerts, such as open, delete, create, and modify.
Threat Intelligence Activity
Monitors connections to and from the monitored host, and detects and alerts on connections to and from malicious hosts.
Event Log Monitoring
Also called "Windows Security Event Log Monitoring," this refers to the security events that Threat Stack will alert on. Examples of alerts:
  • Windows policy changes (event id 4732)
  • Windows system time changes (event id 4616)
  • Windows security group changes