Take a Product Tour
Explore the user interface, features, and capabilities of Logmanager
Quick Start Guide
Deploy Logmanager in your virtual environment
Join our Team
Explore open job opportunities and become part of a team building meaningful technology.
Authentication logs are often the fastest way to determine whether a configuration issue was caused by a normal administrative action or by something more suspicious. This workflow is useful for network investigations because it lets you review historical login activity quickly and narrow it to a specific switch and time period.
Open the log overview dashboard and filter for logs coming only from network switches. Then add another filter for successful logins so the result set contains authenticated access only.
Set the time interval to the period that matters for your investigation. In the example, the second week of November is selected so the results focus on the time around the suspected misconfiguration.
If suspicion is focused on one device, add that device as another filter. For example, narrowing the search to the headquarters switch makes it easier to review only access tied to that asset.
Add the username field or filter for it directly. If the results show only a known authorized user, that is a strong sign the incident was likely a normal mistake rather than malicious access.
Parser for Cohesity
Download the ready-made parser for Cohesity.
How to Monitor and Maintain Logmanager Health
Learn how to maintain peak Logmanager performance.
Global Filter for Different Groups of Windows Sources
Configure all your Windows Agents with a single action.
Contextual Alert to Identify Firewall Brute Force Attack Sources
Download the contextual alert template.