- Zabbix Server version 7.0 or higher
- Zabbix Agent 2 installed on Windows hosts
- Upload the `.yaml` file to Zabbix by navigating to Configuration -> Templates and clicking Import.
| Item | Description |
|---|---|
| Task Scheduler | Monitors all events in the Windows Task Scheduler operational log. |
| Service Installation Attempt | Monitors events indicating an attempt to install a service. |
| Program Installation | Monitors installer events from the Windows Application log. |
| PowerShell Script Execution | Monitors PowerShell script executions from the PowerShell operational log. |
| Windows Defender Events | Monitors all events from the Windows Defender operational log. |
| Delegated Login | Monitors delegated login events from the Security log. |
| Audit Log Deleted | Monitors events indicating that the audit log was cleared in the Security log. |
| Failed Login Attempt | Monitors failed logon events from the Security log. |
| User Logoff | Monitors user logoff events from the Security log. |
| Explicit User Logoff | Monitors explicit user logoff events from the Security log. |
| Registry Changes | Monitors registry modification events from the Security log. |
| Object Deletion | Monitors deletion events from the Security log. |
| Account Created | Monitors account creation events from the Security log. |
| Account Activated | Monitors account activation events from the Security log. |
| Account Deactivated | Monitors account deactivation events from the Security log. |
| Account Deleted | Monitors account deletion events from the Security log. |
| User Account Changed | Monitors modifications to user accounts from the Security log. |
| Domain Policy Changed | Monitors domain policy modification events from the Security log. |
| Account Locked/Unlocked | Monitors account lock and unlock events from the Security log. |
| Process Creation | Monitors process creation events from the Security log. |
| System Shutdown/Start | Monitors system shutdown and startup events from the System log. |
| Service Installation | Monitors service installation events from the System log. |
| Reboot Required | Checks a Windows Update registry key for a pending-reboot indication. |
- The template is optimized for Zabbix 7.0 and above; some items may require additional configuration on the Windows host.
- Adjust polling intervals, history, and trend settings as needed for your environment.