the most interesting security events ID
Posted 12/4/2013 2:59:02 AM
Forum Newbie
Hi all. We now want to use a SIEM in our organization and I should analyze tons of event logs. I'd like to make a template or a script which will give me valuable info on possible security incidents.
So, what I'd like to know, and I will be grateful to hear your opinion, is what events should be added:
1. User logon (live user, service accounts, network user). Some more?
2. Adding an account to the administrators (local, AD) group.
3. Making //hostname/c$, success or failure in accessing a PC via the network. Mapping a disk, remote desktop connections, ... more?

I would appreciate all advice on what IDs are most interesting to start ITSEC incident analysis.
Post #1297
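
One way to start on the kind of script the post above asks for, as an added example that is not part of the original thread: it maps the three listed categories to Windows Security log event IDs as used on Windows Vista/Server 2008 and later (4624/4625 logon, 4728/4732/4756 group membership, 5140 share access). The sample records and the admin-group watch list are constructed assumptions.

```python
# Added example: triage of Windows Security events for the post's three categories.
# Event IDs are the Windows Vista/Server 2008+ Security log IDs.
LOGON_TYPES = {2: "interactive", 3: "network", 5: "service", 10: "remote desktop"}
GROUP_ADD_IDS = {4728: "global", 4732: "local", 4756: "universal"}
ADMIN_GROUPS = {"administrators", "domain admins", "enterprise admins"}  # assumed watch list
ADMIN_SHARES = {"C$", "ADMIN$"}  # assumed watch list


def classify(ev):
    """Return a short finding string for an interesting event, else None."""
    eid = ev["EventID"]
    if eid in (4624, 4625):  # logon success / logon failure
        kind = LOGON_TYPES.get(int(ev["LogonType"]))
        if kind is None:  # e.g. type 7 (workstation unlock) is ignored here
            return None
        result = "success" if eid == 4624 else "FAILURE"
        return f"logon {result} ({kind}): {ev['TargetUserName']} from {ev.get('IpAddress', '-')}"
    if eid in GROUP_ADD_IDS:  # member added to a security-enabled group
        if ev["TargetUserName"].lower() not in ADMIN_GROUPS:
            return None
        return (f"member {ev['MemberSid']} added to {GROUP_ADD_IDS[eid]} group "
                f"{ev['TargetUserName']} by {ev['SubjectUserName']}")
    if eid == 5140:  # a network share object was accessed
        share = ev["ShareName"].rsplit("\\", 1)[-1]  # "\\*\C$" -> "C$"
        if share.upper() in ADMIN_SHARES:
            return f"admin share {share} accessed by {ev['SubjectUserName']} from {ev['IpAddress']}"
    return None


def triage(events):
    """Keep only the events that produce a finding, in input order."""
    return [finding for finding in map(classify, events) if finding]


# Constructed sample records; field names follow each event's EventData section.
SAMPLE = [
    {"EventID": 4624, "LogonType": "10", "TargetUserName": "alice", "IpAddress": "192.0.2.10"},
    {"EventID": 4624, "LogonType": "7", "TargetUserName": "alice", "IpAddress": "-"},
    {"EventID": 4625, "LogonType": "3", "TargetUserName": "svc_backup", "IpAddress": "192.0.2.44"},
    {"EventID": 4732, "TargetUserName": "Administrators", "MemberSid": "S-1-5-21-1-2-3-1105",
     "SubjectUserName": "bob"},
    {"EventID": 4732, "TargetUserName": "Print Operators", "MemberSid": "S-1-5-21-1-2-3-1106",
     "SubjectUserName": "bob"},
    {"EventID": 5140, "ShareName": "\\\\*\\C$", "SubjectUserName": "bob", "IpAddress": "192.0.2.10"},
    {"EventID": 4688, "NewProcessName": "C:\\Windows\\System32\\cmd.exe"},
]

if __name__ == "__main__":
    for line in triage(SAMPLE):
        print(line)
```

Network logons (type 3) are high volume on any file server or domain controller, so in practice the 4624 branch usually needs an allow list or a per-source threshold before it is useful.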
Posted 12/4/2013 3:09:35 AM
quickref.pdf downloaded. Thanks Randy!
Post #1298
All times are GMT -5:00