ESM technologies (catching unsuccessful logins, other Windows critical events)

["Merlino, Thomas" <tmerlino () MERCYHURST EDU>]

Good morning,

 

I wanted to take a moment and see what your thoughts are on ESM
technologies that are out there?  More specifically, I'm looking for
something that sits on the network that will automatically alert us if
we see multiple unsuccessful logins or even general Windows events that
could be signaling something bigger so we can catch the problem before
it "blows up."

 

We have an ESM device in place, but it's not very straightforward and
tends to require quite a lot of "babysitting" as far as reading reports
every morning, etc.  I'd like to have something in place that would
actually alert us (via pager or otherwise) at the time that a specific
criteria is met as far as Windows event logging goes.

 

Any help or guidance on this subject would be greatly appreciated.

 

Thank you,

 

Thomas Merlino, Jr. | Mercyhurst College | Technical Administrator for
Information Technology

Phone: 814.824.3240 | Fax: 814.824.3009 | E-mail:
tmerlino () mercyhurst edu

 

Schedule - Week Beginning Monday, December 10th:

Mo: 7 AM - 3 PM | Tu: 7 AM - 3 PM | We: 7 AM - 3 PM | Th: 6 AM - 2 PM |
Fr: 7 AM - 3 PM 

 

This electronic message (including all attachments) is intended only for
the addressee(s).  This electronic message may contain confidential
and/or proprietary information and is not intended for unauthorized
redistribution.  The unapproved use, dissemination, distribution, and/or
reproduction of this electronic message, including attachments, is
prohibited and may be unlawful.