the most interesting security events ID
Posted 12/4/2013 2:59:02 AM
Forum Newbie
Group: Forum Members
Last Login: 12/4/2013 2:45:10 AM
Posts: 4, Visits: 0
Hi all. We now want to use SIEM in our organization and I should analyze tons of logs of events. I'd like to make a template or a script which will give me the valuable info on possible security incidents.
So, what I'd like to know, and I will be grateful to hear your opinion, is what events should be added:
1. User logon (live user, service accounts, network user), some more?
2. Adding an account to the administrators (local, AD) group.
3. Making //hostname/c$, Success or Failure in accessing a PC via network. Mapping a disk, remote desktop connections,... more?

I'd appreciate all advice on what IDs are most interesting to start ITSEC incident analysis.
Post #1297
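An added example, not part of the original thread or of the quickref chart it mentions: a triage filter for the three categories in the post above, using the standard Windows Security log IDs for Vista/2008 and later (4624/4625 logon with logon types, 4728/4732/4756 group membership additions, 5140 share access). The flat-dict record layout, the `classify` and `triage` names, and the sample events are assumptions made for illustration.

```python
# Added example. Event IDs are standard Windows Security log IDs (Vista/2008 and later);
# the flat-dict export format and every sample record below are constructed.
LOGON_TYPES = {2: "interactive", 3: "network", 5: "service", 10: "remote desktop"}
GROUP_ADD_IDS = {4728: "global", 4732: "local", 4756: "universal"}
ADMIN_GROUPS = {"administrators", "domain admins", "enterprise admins"}
ADMIN_SHARES = {"C$", "ADMIN$"}

def classify(ev):
    """Return a one-line finding for an event of interest, or None for noise."""
    eid = ev.get("EventID")
    user, src = ev.get("TargetUserName", ""), ev.get("IpAddress", "-")
    if eid in (4624, 4625):  # 4624 = logon success, 4625 = logon failure
        kind = LOGON_TYPES.get(int(ev.get("LogonType", 0)))
        if kind is None:
            return None
        # Computer accounts (name ends in $) logging on over the network are routine.
        if eid == 4624 and kind == "network" and user.endswith("$"):
            return None
        outcome = "logon" if eid == 4624 else "FAILED logon"
        return f"{kind} {outcome}: {user} from {src}"
    if eid in GROUP_ADD_IDS:  # for these IDs TargetUserName holds the group name
        if user.lower() in ADMIN_GROUPS:
            return (f"{ev.get('MemberName')} added to {GROUP_ADD_IDS[eid]} group "
                    f"{user} by {ev.get('SubjectUserName')}")
        return None
    if eid == 5140:  # network share object accessed
        # ShareName looks like \\*\C$; compare the last component so IPC$ is not matched.
        share = ev.get("ShareName", "").rsplit("\\", 1)[-1].upper()
        if share in ADMIN_SHARES:
            return f"admin share {share} accessed by {ev.get('SubjectUserName')} from {src}"
    return None

def triage(events):
    """Keep only the findings, in log order."""
    return [finding for finding in map(classify, events) if finding]

SAMPLE_EVENTS = [  # constructed records
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "alice", "IpAddress": "10.0.0.5"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "WS01$", "IpAddress": "10.0.0.7"},
    {"EventID": 4625, "LogonType": 3, "TargetUserName": "bob", "IpAddress": "10.0.0.9"},
    {"EventID": 4732, "TargetUserName": "Administrators", "MemberName": "CN=bob,DC=example",
     "SubjectUserName": "helpdesk1"},
    {"EventID": 4728, "TargetUserName": "Sales", "MemberName": "CN=carol,DC=example",
     "SubjectUserName": "helpdesk1"},
    {"EventID": 5140, "ShareName": "\\\\*\\IPC$", "SubjectUserName": "alice", "IpAddress": "10.0.0.5"},
    {"EventID": 5140, "ShareName": "\\\\*\\C$", "SubjectUserName": "bob", "IpAddress": "10.0.0.9"},
]

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_EVENTS)))
```

Logon types not listed in `LOGON_TYPES` (unlock, cached credentials and so on) are dropped here; widen the table if those matter in your environment.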
Posted 12/4/2013 3:09:35 AM
Forum Newbie
Group: Forum Members
Last Login: 12/4/2013 2:45:10 AM
Posts: 4, Visits: 0
quickref.pdf downloaded. Thanks Randy!
Post #1298
Posted 10/2/2019 5:13:05 AM
Forum Newbie
Group: Forum Members
Last Login: 12/4/2013 2:45:10 AM
Posts: 4, Visits: 0
2019! And I want to ask if this link could provide the information, or is there something more to read on the topic question?
https://www.ultimatewindowssecurity.com/securitylog/quickref/Default.aspx
Post #8593
Posted 10/7/2019 7:03:00 PM
Junior Member
Group: Administrators
Last Login: 4/13/2009 5:07:47 PM
Posts: 10, Visits: 0
Wow, a reply to a 2013 post. Yes, since then we have updated the quickref chart. That page, https://www.ultimatewindowssecurity.com/securitylog/quickref/Default.aspx, has the new chart. You may want to look at Supercharger by LOGbinder. There's a free edition and we have a built-in filter that eliminates the noise in the Security Log.
Post #8595
All times are GMT -5:00.