Don't you love it when an auditor or regulator asks why you don't review the security log every day? Anyone who's looked at the Windows security log knows each computer generates bazillions of events every day - way too much to review manually - not to mention the fact that every computer has its own log. Not even domain controllers share event logs.
Yet there's no escaping that every compliance framework and regulation requires monitoring and audit trails. Moreover, they are an indispensable part of good information security.
To help out, I've spec'd out a list of 5 daily reports for Windows servers that will help you cover all the bases in terms of technology, compliance frameworks and good information security. Can one set of reports cover multiple compliance frameworks and regulations? Yes, because there is so much commonality among the regulations. The activities are largely the same, while the intent and scope are what vary the most.
For each report I will show you which event IDs should be included as well as additional filter criteria to reduce noise in the reports. I’ll show you which columns to include in the report and explain their significance, as well as how you should analyze and follow up on each report. My intent is that you will be able to implement these reports in your log management solution.
Then, you'll be interested to see how Isaac Thompson from Prism Microsystems has implemented these reports in Prism’s EventTracker log management platform.
Please join me for this real training for free (TM).