Logon Tracker is an HX Innovation Architecture module designed to enable the investigation of lateral movement within Windows enterprise environments. Logon Tracker improves the efficiency of investigating lateral movement by aggregating historical activity and monitoring new activity. This data is presented in a user interface designed for analyzing investigative leads (e.g., a compromised account) and hunting for suspicious activity (e.g., RDP activity by privileged accounts). Additionally, Logon Tracker can generate HX alerts for suspicious lateral movement using user-defined alerting rules.
This technical preview release of Logon Tracker is supported on Endpoint Security 5.0.1 with xAgent 31.
Because this is a tech preview module, the usual support SLAs do not apply to it. You can also provide feedback to the module team through the email listed below.
| Resources: | Logon Tracker Release Notes (0.4.4) |
| | Logon Tracker User Guide (0.4.4) |
| | FireEye Endpoint Security |
| Last Updated: | September 16, 2020 |
| Requirements: | FireEye Endpoint Security 5.0.1+ with xAgent 31+ |