Forum Newbie
Group: Forum Members
Hi all. We now want to use SIEM in our organization and I should analyze tons of logs of events. I'd like to make a template or a script which will give me the valuable info on possible security incidents.
So, what I'd like to know, and I will be grateful to hear your opinion, is what events should be added:
1. User logon (live user, service accounts, network user), some more?
2. Adding account to administrators (local, AD) group.
3. Making //hostname/c$, success or failure in accessing a PC via network. Mapping a disk, remote desktop connections, ... more?
I would appreciate all advice on which IDs are most interesting to start ITSEC incident analysis.
Forum Newbie
Group: Forum Members
quickref.pdf downloaded. Thanks Randy!
Forum Newbie
Group: Forum Members
2019! And I want to ask if this link could provide the information, or if there is something more to read on the topic question:
https://www.ultimatewindowssecurity.com/securitylog/quickref/Default.aspx
Junior Member
Group: Administrators
Wow, a reply to a 2013 post. Yes, since then we have updated the quickref chart. That page, https://www.ultimatewindowssecurity.com/securitylog/quickref/Default.aspx, has the new chart. You may want to look at Supercharger by LOGbinder. There's a free edition and we have a built-in filter that eliminates the noise in the Security Log.
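
The three event categories from the opening question, mapped to Windows Security log event IDs and run over a few constructed records. This is an added example, not code from the posts above or from the quickref chart; the watch lists, the failure threshold and the dict record layout are assumptions.

```python
from collections import Counter

# Windows Security log event IDs for the three categories in the question.
LOGON_TYPES = {2: "interactive", 3: "network", 5: "service", 10: "remote desktop"}
GROUP_ADD = {4728: "global", 4732: "local", 4756: "universal"}  # member added to group
ADMIN_GROUPS = {"administrators", "domain admins", "enterprise admins"}  # assumed watch list
ADMIN_SHARES = {"C$", "ADMIN$"}  # assumed watch list

def classify(ev):
    """Return a one-line finding for a Security log record, or None for noise."""
    eid = ev["EventID"]
    if eid in (4624, 4625):  # 4624 = logon succeeded, 4625 = logon failed
        kind = LOGON_TYPES.get(ev.get("LogonType"))
        if kind is None:
            return None
        outcome = "success" if eid == 4624 else "FAILURE"
        return f"{kind} logon {outcome}: {ev['TargetUserName']} from {ev['IpAddress']}"
    if eid in GROUP_ADD and ev["TargetUserName"].lower() in ADMIN_GROUPS:
        return (f"{GROUP_ADD[eid]} admin group add: {ev['MemberSid']} -> "
                f"{ev['TargetUserName']} by {ev['SubjectUserName']}")
    if eid == 5140:  # a network share object was accessed
        share = ev["ShareName"].rsplit("\\", 1)[-1].upper()
        if share in ADMIN_SHARES:
            return f"admin share {share} opened by {ev['SubjectUserName']} from {ev['IpAddress']}"
    return None

def triage(events, fail_threshold=3):
    """Classify every record, then flag sources with repeated failed logons."""
    findings = [f for f in map(classify, events) if f]
    fails = Counter(e["IpAddress"] for e in events if e["EventID"] == 4625)
    findings += [f"{n} failed logons from {ip}" for ip, n in fails.items() if n >= fail_threshold]
    return findings

# Constructed sample records (field names follow the events' EventData; values are made up).
SAMPLE = [
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "alice", "IpAddress": "10.0.0.5"},
    {"EventID": 4624, "LogonType": 7, "TargetUserName": "alice", "IpAddress": "-"},
    *[{"EventID": 4625, "LogonType": 3, "TargetUserName": "administrator",
       "IpAddress": "10.0.0.9"}] * 3,
    {"EventID": 4732, "TargetUserName": "Administrators", "MemberSid": "S-1-5-21-1-2-3-1105",
     "SubjectUserName": "bob"},
    {"EventID": 5140, "ShareName": "\\\\*\\C$", "SubjectUserName": "bob", "IpAddress": "10.0.0.9"},
    {"EventID": 5140, "ShareName": "\\\\*\\IPC$", "SubjectUserName": "bob", "IpAddress": "10.0.0.9"},
]

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

Logon types outside the table (for example 7, workstation unlock) and shares outside the watch list (for example IPC$) are dropped as noise, which is where most of the volume in a real Security log sits.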