Top security events to monitor

Posted by Bailey on August 2, 2007, 5:04 pm
For months now I have been trying to determine what the most important
security events are. It would be greatly appreciated if you could help me by
giving me at least 10 of the most popular events to monitor. Currently we
are monitoring several events and we want to shorten the list with the most
important events.
Any help is greatly appreciated.
Thanks,
--
Bailey

Posted by siljaline on August 2, 2007, 11:23 pm
"Bailey" wrote:
> For months now I have been trying to determine what the most important
> security events are. It would be greatly appreciated if you could help me by
> giving me at least 10 of the most popular events to monitor. Currently we
> are monitoring several events and we want to shorten the list with the most
> important events.
> Any help is greatly appreciated.

See: <http://www.dts-l.org/goodpost.htm>

Silj

--
siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates:
http://aumha.net/viewforum.php?f=31

Please reply to the group, as the return address is invalid, so that we may all benefit.



Posted by Roger Abell [MVP] on August 3, 2007, 2:05 am
I for one cannot answer your post since what is important to
monitor totally depends on your environment, the role of the
monitored machine, the risk assessment of the machine in its
role and environment, and what you see as your protection
objectives and priorities.

Roger

> For months now I have been trying to determine what the most important
> security events are. It would be greatly appreciated if you could help me by
> giving me at least 10 of the most popular events to monitor. Currently we
> are monitoring several events and we want to shorten the list with the most
> important events.
> Any help is greatly appreciated.
> Thanks,
> --
> Bailey



Posted by Jon Holvoet on August 3, 2007, 6:11 am
Hello,


I used the "Security Monitoring and Attack Detection Planning Guide" from
TechNet to implement and better understand this. A lot of reading, but a
real aid in determining what to monitor and what not.
The URL is:
http://www.microsoft.com/technet/security/guidance/auditingandmonitoring/securitymonitoring/default.mspx

And as an external source I can also advise
http://www.ultimatewindowssecurity.com/
They have the Windows Server 2003 Security log revealed, which is a great
work for a deeper understanding, and even offer multimedia training.
Bad part is, they aren't free, but the good part is, they are not expensive
at all.

First source should definitely get you started, and the second can be a
handy add-on if you want to dig deeper.


Greets,

--
Jon Holvoet
MCSA / MCSE Security
Comptia Security+
CISSP


> For months now I have been trying to determine what the most important
> security events are. It would be greatly appreciated if you could help me by
> giving me at least 10 of the most popular events to monitor. Currently we
> are monitoring several events and we want to shorten the list with the most
> important events.
> Any help is greatly appreciated.
> Thanks,
> --
> Bailey



Posted by James Matthews on August 3, 2007, 2:23 pm
There are too many; here are some general ones:

1.) Failed Logins.




--

http://www.goldwatches.com/
> For months now I have been trying to determine what the most important
> security events are. It would be greatly appreciated if you could help me by
> giving me at least 10 of the most popular events to monitor. Currently we
> are monitoring several events and we want to shorten the list with the most
> important events.
> Any help is greatly appreciated.
> Thanks,
> --
> Bailey

