Simple visibility. Real control.
One of the biggest gaps in endpoint security—especially in maritime environments is USB visibility.
You can block devices, sure. But can you prove what happened, when, and on which machine?
That’s where the latest update to A9X USB Manager changes things.
What’s new
A9X USB Manager now logs key USB control events directly into Windows Event Viewer.
This includes:
- USB mass storage devices blocked
- USB cameras blocked
- Composite USB devices blocked
- Devices unblocked
Each event is written to the Windows Event Log with:
- Timestamp
- Device details
- Action (blocked / unblocked)
- User
- Hostname
No proprietary format. No custom agent required.
SIEM-ready by design
Because events are written to standard Windows logs, they can be collected by virtually any SIEM or log collector, including:
- Microsoft Sentinel
- Wazuh
- IBM QRadar
Or any system capable of ingesting:
- Windows Event Forwarding (WEF)
- Agent-based collection
- Syslog conversion pipelines
This makes USB activity part of your centralised security visibility, not a standalone control.
Why this matters
In many environments:
- USB blocking exists
- But logging is weak or non-existent
- And investigations rely on guesswork
With event logging in place, you can now:
- Detect repeated USB insertion attempts
- Correlate activity across multiple machines
- Prove policy enforcement during audits
- Feed alerts into existing monitoring pipelines
Example:
A crew member plugs in multiple USB drives across different PCs → All attempts are logged → SIEM flags abnormal behaviour → Investigation becomes trivial
Fits into existing security stacks
This update doesn’t try to replace your SIEM.
It complements it.
You can combine:
- Endpoint protection (Defender / other AV)
- Patch management
- Network monitoring
- USB control (A9X USB Manager)
And finally get visibility into removable media activity, which is often a blind spot.
A9X USB Manager focuses on:
- Enforcement (block / allow)
- Clean, structured logging
Your SIEM handles:
- Detection
- Alerting
- Response
Bottom line
This is a small change with outsized impact.
By writing USB control events into Windows Event Logs, A9X USB Manager:
- Becomes compatible with all SIEM solutions
- Enables proper auditing
- Removes guesswork from investigations
And turns USB control from a silent control into a visible security signal
Final thought
If you’re already collecting Windows logs, you now have USB activity included—without deploying anything new.
If you’re not?
This is one of the simplest, highest-value events you can start collecting. You may want to check out A9X Watchdog for a simple light weight SIEM that requires zero set-up.