In this real training for free™ webinar, I’ll be sharing the top most important events you should be monitoring in the Windows security log. I ended up with this number after looking at all of the Windows security events and applying the following criteria:
- Worth alerting on – indicating either:
  - A definite security violation
  - A significant change in security posture
- Won’t generate a flood of constant cry wolf alerts
- Do not require unrealistic correlation capabilities
During this webinar, I will show you what audit policy needs to be enabled in order to generate these events, and I’ll distinguish between events that only apply to domain controllers or member servers. Also, this isn’t just a list of event IDs, or I could just provide them to you now. In many cases, it’s actually a subset of occurrences based on specific field values within the event, for instance logon failures with a certain type.
We will use LogRhythm, who is kindly sponsoring this training event, for event analysis, and there’s a cool surprise in store for you related to LogRhythm’s data normalization and categorization capabilities, which I think you’ll like.
If you monitor nothing else, monitor these events in your Windows security log. Don’t miss this real training for free™!