Starting with version 4.2.3, EventSentry supports custom threat feeds https://www.eventsentry.com/documentation/help/html/configglobaloptions.htm black lists in addition to the built-in threat feeds. EventSentry loads additional IP addresses from the following file: systemroot\system32\eventsentry\temp\eventsentrythreatintelcustom.tmp...
Sysmon https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon is a free driver-based utility that supplements Windows's built-in audit capabilities. Combining Sysmon with EventSentry's monitoring capabilities enables users to detect a number of potential threats on their monitored servers and workstations. Scythe https://www.scyt...
EventSentry can integrate with Decalage's oletools https://github.com/decalage2/oletools to scan Microsoft Office files on your hosts for threats. This is useful, for example, if you have a file server where you would like to monitor all newly added Office documents and scan them for threats. EventSentry will detect newly added Office documents ...
EventSentry has a dashboard you can import into Web Reports that is designed to help detect insider threats. To install it, first download it from this link: resource 39 Save this file to the following path on the EventSentry server: C:\Program Files\EventSentry\WebReports\web\webapps\ROOT\WEB-INF\application\conf\ Then follow the ...