Windows Security Log Information Expand / Collapse
Author
Message
Posted 6/8/2015 1:58:47 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 6/8/2015 1:44:36 PM
Posts: 2, Visits: 0
Is there a way to add additional 'admin supplied' data (such as a unique character string) to each security record? I want to capture this unique string with my SIEM tool

Thanks!


Post #3263
Posted 6/8/2015 8:17:56 PM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 179, Visits: 0
What type of security records are you interested in?
Post #3265
Posted 6/9/2015 8:56:10 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 6/8/2015 1:44:36 PM
Posts: 2, Visits: 0
I am trying to audit authentication/authorization/access information that is normally captured in the security logs.

I have an admin defined string that I want to append to each record.

Any help you can provide would be appreciated.

Steve
Post #3267
Posted 6/24/2015 7:46:47 AM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 179, Visits: 0
I don't believe that you can modify the security logs in any way. You would have to look at something else to modify the syslog messages as they are transmitted or received by the SIEM.
Post #3270
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 1:44am