515 as noise?
Posted 7/30/2010 10:28:30 AM
Forum Member

Randy,

Can the 515 event be considered noise and ignored, or can something be had out of collecting and processing these events?

Thx,
Jeff
Post #420
Posted 8/28/2010 4:44:21 PM
Expert

The only way this would be valuable to monitor is if you baselined all of the trusted logon processes reported by this event on a clean computer over a few days' time. Then alert when a new logon process shows up. Very unlikely you will get such an alert, but it would indicate a significant new piece of software had been installed or you were the victim of an extremely sophisticated attack.
Post #437
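
The baseline-then-alert approach from the reply above, as an added example that is not code from the thread. The record layout (`event_id`, `computer`, `description`), the `Logon Process Name:` field label, the helper names and the sample events are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed label of the process-name field in the event 515 description text.
NAME_RE = re.compile(r"Logon Process Name:\s*(.+)")

def logon_processes(events):
    """Yield (host, logon process name) for every event 515 record."""
    for ev in events:
        if ev["event_id"] != 515:
            continue
        m = NAME_RE.search(ev["description"])
        if m:
            # Normalize so case or trailing whitespace does not look "new".
            yield ev["computer"].upper(), m.group(1).strip().lower()

def build_baseline(events):
    """Per-host set of names seen while the machine is known to be clean."""
    baseline = defaultdict(set)
    for host, name in logon_processes(events):
        baseline[host].add(name)
    return dict(baseline)

def check(baseline, events):
    """Return (new names per baselined host, hosts that have no baseline)."""
    alerts, unbaselined = set(), set()
    for host, name in logon_processes(events):
        if host not in baseline:
            unbaselined.add(host)   # cannot judge: baseline this host first
        elif name not in baseline[host]:
            alerts.add((host, name))
    return sorted(alerts), unbaselined

def sample(host, name, event_id=515):
    """Constructed sample record; not real log data."""
    text = "A trusted logon process has registered.\r\nLogon Process Name: " + name + "\r\n"
    return {"event_id": event_id, "computer": host, "description": text}

CLEAN = [sample("srv01", r"Winlogon\MSGina"), sample("srv01", "KSecDD"),
         sample("srv01", "ignored", event_id=528)]
LATER = [sample("SRV01", "ksecdd "), sample("SRV01", "ExampleAgent"),
         sample("SRV01", "ExampleAgent"), sample("SRV02", "KSecDD")]

if __name__ == "__main__":
    alerts, unbaselined = check(build_baseline(CLEAN), LATER)
    for host, name in alerts:
        print(f"ALERT {host}: new trusted logon process '{name}'")
    for host in sorted(unbaselined):
        print(f"NOTE {host}: no baseline recorded")
```

Hosts without a recorded baseline are reported separately instead of alerting on every name they register.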