Monitor local logons with Netwrix Auditor for Windows server solution

What is a one sentence summary of your feature request?

The ability to monitor and audit both successful and failed local logon events on Windows Servers to ensure compliance with GDPR requirements.

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

Currently, Netwrix Auditor does not provide comprehensive monitoring of local logon events on Windows Servers, which is critical for compliance with GDPR Article 32 (security of processing) and various systems administrator laws that require tracking of privileged access. Organizations need to maintain detailed audit trails of both successful and failed logon attempts to:

Successful logons:
Demonstrate compliance during audits by showing all administrative access attempts.
Track who accessed servers locally, when, and from which workstations.
Investigate security incidents by identifying the timeline and source of legitimate access.
Meet regulatory requirements for privileged access monitoring and retention.

Failed logon attempts:
Detect potential brute-force attacks or unauthorized access attempts.
Identify compromised credentials being used from unusual locations.
Alert on suspicious patterns such as multiple failed attempts followed by successful logon.
Meet compliance requirements for monitoring and reporting security threats.

How do you currently solve the challenges you have by not having this feature?

Currently, we can use Event Log Manager (ELM) to collect logon events, manually review Windows Event Logs on each server, use custom PowerShell scripts to consolidate data, or rely on separate SIEM solutions. However, this approach creates significant challenges.
