Conduct an analysis of the data to report.

Reference no: EM132459751

Windows Security Log Analysis

Using the supplied log file from a Windows Server, analyse the data and report anything of interest.

Stage 1 - Analysis You Can See
You may use any tools you like for the analysis. I recommend Microsoft Excel together with Notepad++ (not plain Windows Notepad). Consider Tableau for more advanced visualisations.

Section A - Review the supplied Windows Security Log.

Report some basic statistics about it to include:
• When is the first event?
• When is the last event?
• Comment on the time stamps in the log file. What time zone are they in?
• How many total events are reported?

Section B - Focus on the events for EventID 4624 only and report the following:
• How many different users (as opposed to computers) log on? Computer accounts can be told apart by the trailing "$" in the account name.
• Which user logs on more often than any other?
• Make a frequency chart of when this user logs on.

Section C - Focus on the events for EventID 4625 only and report the following:
• How many times is this Event ID reported?
• Describe each of these events, focusing on the user accounts and computers involved: the account name under "Account For Which Logon Failed", the Workstation Name and Source Network Address, and the Status/Sub Status codes that say why the logon failed.
• What do you think should be done to solve this issue?

Section D - Reporting of tools you used
• Report which software tools you used.
• Identify the methods you used to find the information.
• Report any functions, scripts or semi-automated methods you applied in those tools.

Stage 2 - Programming

Using a programming language of your choice, write an application that scans through the supplied data file and generates output about each Event ID type. You may choose Java, Python, or a combination of Bash and Linux commands such as grep, awk and sed. These are powerful commands that can be scripted and chained together with pipes.

Section A:
Your program should read the file as input and write an output file. To start, you probably want to create a file reader/writer that simply duplicates the existing file line-by-line.

Section B:
Modify your program to only duplicate lines into your output file that are associated with a specified EventID. Notice that the input file has multiple lines per "event" and the EventID is *NOT* on the first line. Your program can either accept as input from the keyboard which EventID to generate the file for, or you can hard code that into your program as a static variable.
Generate an output file for Event ID 4624.

Section C:
Modify your program to generate a count of the number of times the Event ID occurs. Run your program and generate an output file for Event ID 4625.

Section D:
Modify your program to report the number of times the given Event ID occurs over time. Your program should report the number of times the Event ID occurs during each hour. Your output should look like the following:

2011-04-15T14 20
2011-04-15T15 8
2011-04-15T16 3
2011-04-15T17 29
Etc.
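As a worked example of the whole pipeline, here is an added Python program; it is not part of the assignment and not a model answer for the attached data. It covers Stage 1 Sections A to C and Stage 2 Sections A to D in one place: it splits the multi-line export into events, reads the Event ID from a later line of each event, counts events per ID, buckets them per hour in the YYYY-MM-DDTHH form shown above, and answers the 4624/4625 questions. Two things it handles that a naive grep for "Account Name" gets wrong: a 4624 event carries two "Account Name" fields (the one under "Subject" is the account that requested the logon, the one under "New Logon" is the user who actually logged on), and computer accounts are recognisable by a trailing "$". The file layout it assumes is that of a `wevtutil qe Security /f:text` export; this is an assumption, since the page does not show the attachment's format. The hostname, user names, IP address and timestamps in SAMPLE_LOG are constructed.

```python
"""Parse a multi-line Windows Security log text export and answer the Stage 1/2 questions.
Assumed layout (not taken from the assignment file): `wevtutil qe Security /f:text` style, where
each event starts with "Event[N]:", "Event ID:" is on a later line, and the Description holds
tab-indented "Key:<tabs>value" fields under unindented headings such as "Subject:" or "New Logon:"."""
import re
import sys
from collections import Counter, defaultdict

EVENT_START = re.compile(r"^Event\[\d+\]:")
KEY_VALUE = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?):\s*(.*)$")
LOGON_SECTION = {4624: "New Logon", 4625: "Account For Which Logon Failed", 4634: "Subject"}

def _ev(n, date, eid, body):  # one constructed event in the assumed layout
    return (f"Event[{n}]:\n  Log Name: Security\n  Date: {date}\n  Event ID: {eid}\n"
            f"  Computer: SRV01.corp.local\n  Description:\n{body}\n")

def _logon(subject, user, logon_type):  # description body of a constructed 4624
    return (f"Subject:\n\tAccount Name:\t\t{subject}\nNew Logon:\n"
            f"\tAccount Name:\t\t{user}\n\tLogon Type:\t\t{logon_type}")

FAILED_ADMIN = ("Account For Which Logon Failed:\n\tAccount Name:\t\tAdministrator\n"
                "Failure Information:\n\tStatus:\t\t0xC000006D\n\tSub Status:\t\t0xC000006A\n"
                "Network Information:\n\tWorkstation Name:\tWS-07\n\tSource Network Address:\t10.0.0.55")
SAMPLE_LOG = "".join([  # constructed sample (hostname, users, IP invented), not real server output
    _ev(0, "2011-04-15T14:03:21.000", 4624, _logon("SRV01$", "jsmith", 3)),
    _ev(1, "2011-04-15T14:15:00.000", 4624, _logon("-", "SRV01$", 3)),  # computer account
    _ev(2, "2011-04-15T14:40:12.000", 4624, _logon("-", "jsmith", 2)),
    _ev(3, "2011-04-15T15:02:45.000", 4624, _logon("-", "bjones", 10)),
    _ev(4, "2011-04-15T15:05:01.000", 4625, FAILED_ADMIN),
    _ev(5, "2011-04-15T15:05:04.000", 4625, FAILED_ADMIN),
    _ev(6, "2011-04-15T16:10:00.000", 4634, "Subject:\n\tAccount Name:\t\tjsmith"),
])

def parse_events(text):
    """Split the export into events, each keeping its raw lines, header fields and sections."""
    events, ev, section = [], None, None
    for line in text.splitlines():
        if EVENT_START.match(line):
            ev, section = {"raw": [], "fields": {}, "sections": defaultdict(dict)}, None
            events.append(ev)
        if ev is None:
            continue  # text before the first event
        ev["raw"].append(line)
        m = KEY_VALUE.match(line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if value == "" and not line.startswith("\t"):  # bare, unindented "Heading:" line
            section = key
        elif section is None:
            ev["fields"][key] = value
        else:
            ev["sections"][section][key] = value
    for ev in events:
        f = ev["fields"]
        ev.update(event_id=int(f.get("Event ID", -1)), time=f.get("Date", ""), computer=f.get("Computer", ""))
    return events

def logon_account(ev):
    """Account the event is about; 4624 has two "Account Name" fields and the one under "Subject" is the caller."""
    return ev["sections"].get(LOGON_SECTION.get(ev["event_id"]), {}).get("Account Name", "")

def basic_stats(events):  # Stage 1 A
    times = [e["time"] for e in events if e["time"]]
    return {"first": min(times), "last": max(times), "total": len(events)}

def user_logon_counts(events):  # Stage 1 B: 4624 per human user; computer accounts end in "$"
    names = [logon_account(e) for e in events if e["event_id"] == 4624]
    return Counter(n for n in names if not n.endswith("$"))

def describe_failures(events):  # Stage 1 C: who failed, from where, and why (NTSTATUS codes)
    rows = []
    for e in filter_by_id(events, 4625):
        fail, net = e["sections"].get("Failure Information", {}), e["sections"].get("Network Information", {})
        rows.append({"time": e["time"], "account": logon_account(e), "computer": e["computer"],
                     "workstation": net.get("Workstation Name", ""), "source_ip": net.get("Source Network Address", ""),
                     "status": fail.get("Status", ""), "sub_status": fail.get("Sub Status", "")})
    return rows

def filter_by_id(events, eid):  # Stage 2 B
    return [e for e in events if e["event_id"] == eid]

def count_by_id(events, eid):  # Stage 2 C
    return len(filter_by_id(events, eid))

def hourly_counts(events, eid):  # Stage 2 D: (YYYY-MM-DDTHH, count) rows in time order
    return sorted(Counter(e["time"][:13] for e in filter_by_id(events, eid)).items())

def write_filtered(events, eid, path):  # Stage 2 A/B: copy the matching events line-for-line
    with open(path, "w", encoding="utf-8") as out:
        for e in filter_by_id(events, eid):
            out.write("\n".join(e["raw"]) + "\n")

if __name__ == "__main__":  # usage: python seclog.py [exported_security_log.txt]
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_LOG
    evs = parse_events(text)
    print(basic_stats(evs), user_logon_counts(evs).most_common(), describe_failures(evs), sep="\n")
    for hour, n in hourly_counts(evs, 4624):
        print(hour, n)
```

Run it with the exported log as the first argument, or with no argument to use the constructed sample. The Date field is taken as-is, so the hourly buckets are in whatever time zone the export wrote, which is exactly the point Stage 1 Section A asks you to comment on. write_filtered produces the line-for-line output file that Stage 2 Sections A and B ask for; for the analysis itself, the parsed events are easier to work with than the raw lines.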

What to turn in
1. A one-paragraph summary of your analysis that includes the items below. Write it in good analytic style: BLUF (bottom line up front), active voice, short sentences and paragraphs.
2. An overview of the data you were given. When do the data start? When do they end? How many records? (Stage 1, Section A)
3. A count of the logon and logoff events. (Stage 1, Section B)
4. The answers to the remaining sections of Stages 1 and 2 above, including your list of tools, scripts, code, etc.
5. Any events that you think are unusual; these are potential indicators of compromise.

Attachment:- Windows Security Log Analysis.rar


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd