AlienVault® USM Anywhere™

Windows Authentication Dashboard

Role Availability Read-Only Analyst Manager

This Windows Authentication dashboard displays data when your environment includes Microsoft Windows security auditing events.

The Windows Authentication Dashboard

Widgets in the Windows Authentication Dashboard
Widgets Description
Logon Session Events Displays the logon session events like successful logon, user initiated logoff, logon failure, remote desktop session reconnected/disconnected, workstation locked/unlocked, and screen saver invoked/dismissed.
Logon types Displays the logon types like interactive, network, batch, service, unlock, network cleartext, remote desktop, and logon with cached credentials.
Domain Controller Authentication Events Top authentication events received by the Domain Controller. For example: Kerberos tickets of any type (authentication, services).
Logon Failure Reasons Top logon failure reasons in the Active Directory. For example: incorrect usernames or bad passwords.
Kerberos Failure Codes Top error codes generated by Kerberos service. For example: errors received during authentication and service requests.
Ticket Encryption Type Pie chart containing the different encryption types used in Kerberos. For example: DES, RC4, AES, etc.
Ticket Pre-Authentication Type Pie chart containing the different Pre-Authentication types used in Kerberos. For example: timestamp, salt, etc.
Authentication Package Top Active Directory authentication packet types. For example: Kerberos or NTLM.
User Account Changes Displays the user account changes like created, enabled, disabled, deleted, etc.
Group Changes Displays the group changes like created, changed, deleted. It also displays if a member has been added or removed.
Remote Desktop Sessions Sankey diagram containing remote connections between the different users and destination hosts.