Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 4616 Source: Security

Source
Description
Process Information:
Process ID: 0x99c
Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe

Previous Time: 2013-04-22T18:52:57.909316700Z
New Time: 2013-04-22T18:51:49.908000000Z

This event is generated when the system time is changed. It is normal for the Windows Time Service which runs with System privilege to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Comments
 
Usually normal activity especially when related to virtual machine activity where the host machine and VM need to synchronize time. On non-vm machines and where there is no scripting etc to update the time this could be considered behavioral sign of tampering.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...