Tracking changes in the server environment allows for a proactive approach to managing systems, ensuring they remain secure, stable, and optimized for performance.
Changes in system configurations, updates, or patches can impact performance. By tracking these changes, you can correlate them with performance issues and identify potential causes more effectively. When something goes wrong, knowing the history of changes allows for a more accurate root cause analysis. This is particularly helpful in complex environments where multiple factors can contribute to issues.
AimBetter’s Change Tracker constantly draws relevant data and runs statistical analyses to identify and prioritize anomalies according to the level of threat they pose to your systems.
Advanced statistical analysis, based on real-time and historical data, points out potential critical problems, prompting you to take steps proactively before the changes affect users.
Symptoms:
Changes have been identified. AimBetter monitors essential services for SQL database, operating system, and network activities and reports on any changes.
Expected behavior:
When you set your own thresholds, any change that falls outside the expected behavior pattern triggers an alert, and you are notified by email when a potential threat arises.
There are hundreds of individual system-wide activities that can trigger a change notification.
A few examples are identified here:
Host last boot uptime changed
Appsrv is a Windows service controlling many separate OS functions. After every restart of the OS, the boot time changes.
Database “tempdb” creation date changed
Tempdb is a basic SQL Server storage utility for storing data in processes that have not been able to be committed to disk. This notification reports that a new instance has been created.
MSSQL “service-name” last restart changed
All services are monitored for changes.
Service “PostgreSQL-x64-9.6” state changed
A change in the service state has been detected.
Changes tracked on Windows:
- Computer Name – Informs of a change in the computer’s name.
- CPU Cores – Informs of a change in the number of cores.
- CPU Specifications – Informs of a change in the CPU specifications: manufacturer/speed/model.
- Firewall Profile – Informs of a change in the Windows Firewall general profile: Domain, Private, Public.
- Last Restart – Informs of a restart (reboot) and its date.
- Manufacturer – Informs of a change in the machine manufacturer.
- Total Memory – Informs of a change in the total memory.
- Operating System – Informs of a change in the operating system version.
- SP – Informs of a change in the operating system’s service pack (SP).
- Windows Update Date – Informs of a Windows Update and its date.
- Software Installation Date – Informs of a software installation or update and its date.
- Paging Max – Informs of a change in the maximum size set for a Pagefile.
- Paging Min – Informs of a change in the minimum size set for a Pagefile.
- Network Bandwidth – Informs of a change in the network bandwidth of a card.
- Service Account Name – Informs of a change in the account name of a service.
- Service Path – Informs of a change in the path of a service.
- Service Start Mode – Informs of a change in the start mode of a service: Automatic, Automatic (Delayed Start), Manual, Disabled.
- Service State – Informs of a change in the state of a service: Running, Paused, Stopped.
- Total Disk – Informs of a change in a disk’s total capacity.
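
The four service attributes in the list above (account name, path, start mode, state) can be compared between two inventory snapshots to produce notifications of the kind shown earlier. This is an added example, not AimBetter's code: the `Service` record, the severity ranking and both snapshots are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    account: str      # Service Account Name
    path: str         # Service Path
    start_mode: str   # Service Start Mode
    state: str        # Service State

# Assumed triage order (not from the page): path and account changes decide
# which binary runs and with what privileges, so they are reviewed first.
FIELDS = [("path", "path", "high"), ("account", "account name", "high"),
          ("start_mode", "start mode", "medium"), ("state", "state", "low")]
RANK = {"high": 0, "medium": 1, "low": 2}

def diff_services(baseline, current):
    """Return (severity, message, old, new) tuples, most severe first."""
    changes = []
    for name in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(name), current.get(name)
        if old is None:       # service exists only in the new snapshot
            changes.append(("high", f'Service "{name}" added', None, new.path))
        elif new is None:     # service disappeared since the baseline
            changes.append(("medium", f'Service "{name}" removed', old.path, None))
        else:
            for attr, label, sev in FIELDS:
                a, b = getattr(old, attr), getattr(new, attr)
                if a != b:
                    changes.append((sev, f'Service "{name}" {label} changed', a, b))
    # sorted() is stable, so entries of equal severity stay in name order
    return sorted(changes, key=lambda c: RANK[c[0]])

# Constructed sample snapshots (names, paths and accounts are illustrative)
BASELINE = {
    "PostgreSQL-x64-9.6": Service(r"NT AUTHORITY\NetworkService",
        r"C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe", "Automatic", "Running"),
    "ExampleAgent": Service(r"NT AUTHORITY\LocalService",
        r"C:\Program Files\Example\agent.exe", "Automatic", "Running"),
}
CURRENT = {
    "PostgreSQL-x64-9.6": Service(r"NT AUTHORITY\NetworkService",
        r"C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe", "Automatic", "Stopped"),
    "ExampleAgent": Service("LocalSystem",
        r"C:\Users\Public\agent.exe", "Automatic", "Running"),
    "NewHelper": Service("LocalSystem", r"C:\Temp\helper.exe", "Automatic", "Running"),
}

if __name__ == "__main__":
    for sev, msg, old, new in diff_services(BASELINE, CURRENT):
        print(f"[{sev}] {msg}: {old!r} -> {new!r}")
```

On a live Windows host the four attributes correspond to the `StartName`, `PathName`, `StartMode` and `State` properties of the `Win32_Service` class.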
Changes tracked on MSSQL:
- Collation – Informs of a change in the SQL Server Collation.
- Edition – Informs of a change in the SQL Server Edition.
- Version – Informs of a change in the SQL Server Version.
- Last Restart – Informs of a restart of the SQL Server instance and its date.
- Cores Available – Informs of a change in the number of available logical (virtual) cores for SQL Server.
- Cores In Use – Informs of a change in the number of cores in use by SQL Server.
- Cluster Active Name – Informs of a change in the name of the active node in a clustered instance.
- SP or CU – Informs of a change in the SQL Server service pack (SP) or cumulative update (CU). For each version, check the latest SP or CU recommended.
- AlwaysOn Backup Preference – Informs of a change in a database AlwaysOn Backup preference.
- AlwaysOn Group Name – Informs of a change in a database AlwaysOn group name.
- AlwaysOn Health – Informs of a change in a database AlwaysOn health status.
- AlwaysOn State – Informs of a change in a database AlwaysOn state: Not Synchronized, Synchronized.
- Auto Close – Informs of a change in a database Auto Close status: enabled/disabled.
- Auto Create Statistics – Informs of a change in a database Auto Create Statistics status: enabled/disabled.
- Auto Update Statistics – Informs of a change in a database Auto Update Statistics status: enabled/disabled.
- Auto Shrink – Informs of a change in a database Auto Shrink status: enabled/disabled.
- Database Compatibility Level – Informs of a change in a database Compatibility level.
- Database Creation Date – Informs of a new database or a change in a database creation date.
- Database Data Drive – Informs of a change in a database data drive path.
- Database File Stream Drive – Informs of a change in a database file stream drive path.
- Database Log Drive – Informs of a change in a database log drive path.