|
|
|
Forum Newbie
Group: Forum Members
Last Login: 12/4/2013 2:45:10 AM
Posts: 3,
Visits: 0
|
|
Hi all. We now want to use SIEM in our organization and me should analyze tons of logs of events. I`d like to make a template or a script which will gives me the valuable info on possible security incidents.
So, what i`d like to know, and i will be gratefull to hear your opinion, what events should be added:
1. User logon (live user, service accounts, network user) some more??
2. Adding account to administrators (local, AD) group.
3. Making //hostname/c$ , Success or Failure in accessing PC via network. Mapping a disk, remote desktop connections,... more?
Be appreciate for all advises on what ID`s are most interesting to start ITSEC incident analyzys.
|
|
|
|
|
Forum Newbie
Group: Forum Members
Last Login: 12/4/2013 2:45:10 AM
Posts: 3,
Visits: 0
|
|
| quickref.pdf downloaded. Thanks Randy!
|
|
|
|