Symptoms: Changes in service(s) have been identified
Impact: Informational
AimBetter monitors essential services for SQL database, operating system, and network activities and reports on any changes.
Expected behavior :
By setting your own thresholds, any change that goes outside of the expected behavior pattern will trigger an alert and notify you by email when a potential threat arises.
There are hundreds of individual system-wide activities that can trigger a change notification. A few examples are identified here. See out guide for a comprehensive review of system parameters here.
Examples of typical alerts
Host last boot uptime changed
Appsrv is a Windows service controlling many separate OS functions. After every restart of the OS, boot time is changed.
Database “tempdb” creation date changed
Tempdb is a basic SQL server storage utility for storing data in processes that have not been able to be committed to disk. It is reported here that a new instance has been created.
MSSQL “service-name” last restart changed
All services are monitored for changes.
Service “PostgreSQL-x64-9.6” state changed
A change in the service state has been detected.
Background
AimBetter’s Change Tracker constantly draws relevant data and runs statistical analyses to identify and prioritize anomalies according to the level of threat they pose to your systems.
Critical problem identification – advanced statistical analysis based on real-time and historical data to point out potential critical problems prompting you proactively to take steps before the changes affect users.
Security breach recognition – recognition of abnormal behavior such as login attempts that may pose a serious security breach.
