Nonfunctional Dashboard Example
🛡 EventGuard Dashboard
3 Computers | 4,821 Rows | DB: 12.4 MB | 2026-03-29 08:47:12
👤 admin
Health Report
Logout
4,821
Total
14
Errors
37
Warnings
9
Audit Failures
4,761
Audit Success
Showing 18 events (newest first)
Click row to copy
| Logged | Channel | ID | Level | Keywords | Source | Description | Computer |
|---|---|---|---|---|---|---|---|
| 2026-03-29 08:46:03 | Application | 9013 | Error | Classic | EventGuard | EventGuard CRITICAL: Security audit log cleared on DC01. Possible attempt to cover tracks. The audit log was cleared. Subject: Security ID: CORP\jsmith | DC01 |
| 2026-03-29 08:44:51 | Application | 9001 | Warning | Classic | EventGuard | EventGuard Alert: 7 failed logons (Event 4625) from WORKSTATION01 in the last 10 minutes. | DC01 |
| 2026-03-29 08:44:38 | Security | 4625 | Information | Audit Failure | Microsoft-Windows-Security-Auditing | An account failed to log on. Subject: Security ID: NULL SID. Account For Which Logon Failed: Account Name: administrator. Failure Reason: Unknown user name or bad password. | WORKSTATION01 |
| 2026-03-29 08:44:21 | Security | 4625 | Information | Audit Failure | Microsoft-Windows-Security-Auditing | An account failed to log on. Subject: Security ID: NULL SID. Account For Which Logon Failed: Account Name: administrator. Failure Reason: Unknown user name or bad password. | WORKSTATION01 |
| 2026-03-29 08:44:07 | Security | 4625 | Information | Audit Failure | Microsoft-Windows-Security-Auditing | An account failed to log on. Subject: Security ID: NULL SID. Account For Which Logon Failed: Account Name: administrator. Failure Reason: Unknown user name or bad password. | WORKSTATION01 |
| 2026-03-29 08:43:55 | Application | 9003 | Warning | Classic | EventGuard | EventGuard Alert: Account locked out (Event 4740) on DC01. Source: Microsoft-Windows-Security-Auditing. A user account was locked out. Account Name: administrator | DC01 |
| 2026-03-29 08:43:48 | Security | 4740 | Information | Audit Success | Microsoft-Windows-Security-Auditing | A user account was locked out. Subject: Security ID: SYSTEM. Account That Was Locked Out: Account Name: administrator. Additional Information: Caller Computer Name: WORKSTATION01 | DC01 |
| 2026-03-29 08:31:14 | Application | 9011 | Warning | Classic | EventGuard | EventGuard Alert: New service installed (Event 7045) on FILESERVER01. Source: Service Control Manager. Service Name: SuspiciousSvc File Name: C:\Windows\Temp\svc.exe | DC01 |
| 2026-03-29 08:31:08 | System | 7045 | Information | Classic | Service Control Manager | A new service was installed in the system. Service Name: SuspiciousSvc. Service File Name: C:\Windows\Temp\svc.exe. Service Type: user mode service. Service Start Type: auto start. Service Account: LocalSystem | FILESERVER01 |
| 2026-03-29 07:55:02 | Application | 9004 | Warning | Classic | EventGuard | EventGuard Alert: User account created (Event 4720) on DC01. Source: Microsoft-Windows-Security-Auditing. New Account Name: tempuser99. Created By: CORP\jsmith | DC01 |
| 2026-03-29 07:52:44 | Security | 4624 | Information | Audit Success | Microsoft-Windows-Security-Auditing | An account was successfully logged on. Subject: Security ID: SYSTEM. New Logon: Security ID: CORP\jsmith. Logon Type: 2. Network Address: 192.168.1.45 | DC01 |
| 2026-03-29 07:41:19 | System | 19 | Warning | Classic | Microsoft-Windows-WindowsUpdateClient | Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4.8. | WORKSTATION01 |
| 2026-03-29 07:38:05 | Application | 1000 | Error | Classic | Application Error | Faulting application name: explorer.exe, version: 10.0.19041.1, time stamp: 0x8a8e3f2b. Faulting module name: ntdll.dll. Exception code: 0xc0000374. Fault offset: 0x00000000000f9840. | WORKSTATION01 |
| 2026-03-29 06:15:00 | Application | 9017 | Warning | Classic | EventGuard | EventGuard Alert: No events received from FILESERVER01 for 142 minutes. Agent may be down or unreachable. | DC01 |
| 2026-03-29 06:02:11 | Security | 4624 | Information | Audit Success | Microsoft-Windows-Security-Auditing | An account was successfully logged on. Subject: Security ID: SYSTEM. New Logon: Security ID: CORP\bwilson. Logon Type: 10. Network Address: 192.168.1.88 | FILESERVER01 |
| 2026-03-29 05:58:32 | System | 107 | Information | Classic | Microsoft-Windows-Kernel-Power | The system has resumed from sleep. Sleep Time: 2026-03-29T04:31:00. Wake Time: 2026-03-29T05:58:32. | WORKSTATION01 |
| 2026-03-29 05:01:44 | Security | 4624 | Information | Audit Success | Microsoft-Windows-Security-Auditing | An account was successfully logged on. Subject: Security ID: SYSTEM. New Logon: Security ID: CORP\admin. Logon Type: 3. Network Address: 192.168.1.10 | DC01 |