|
|
Forum Member
      
Group: Forum Members
Last Login: 2/24/2012 7:49:27 PM
Posts: 26,
Visits: 12
|
|
Randy,
Can the 515 event be considered noise and ignored, or can something be had out of collecting and processing these events?
Thx,
Jeff
|
|
|
|
Expert
      
Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329,
Visits: 0
|
|
The only way this would be valuable to monitor is if you baselined all of the trusted logon processes reported by this event on a clean computer over a few days time. Then alert when a new logon process shows up. Very unlikely you will get such an alert but would indicate a significant new piece of software had been installed or you were victim of a extremely sophisticated attack
|
|
|
|