Eliminate Windows Firewall Chatter (Noise) from the Security Log
Fri, 08 Jul 2011 07:03:55 GMT
Vista, Windows 7 and Windows Server 2008 generate a lot of events regarding the Windows Firewall, and for most of us in most scenarios this is at best chatter, if not downright noise. Here's how to get rid of it.
You need to disable all of the audit subcategories that reference Filtering Platform or MPSSVC, as well as the "Other Policy Change Events" and "Other System Events" subcategories. That's:
That's what I do in my Recommended Audit Baseline. If you are on Windows Server 2008 R2 you can use group policy instead of the auditpol command; look for the Advanced Audit Policy folder at the bottom of Security Settings.
Don't forget to enable this policy before you start configuring subcategories.
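The auditpol route described above, as an added example that is not from the original post. It assumes an elevated PowerShell prompt and English-language Windows; the six subcategory names are the standard auditpol names matching the description above, and the backup path is an assumption.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Subcategory names: standard English auditpol names that reference
# Filtering Platform or MPSSVC, plus the two "Other ..." subcategories.
$noisy = @(
    'Filtering Platform Packet Drop',
    'Filtering Platform Connection',
    'Filtering Platform Policy Change',
    'MPSSVC Rule-Level Policy Change',
    'Other Policy Change Events',
    'Other System Events'
)

# Save the current policy first so the change can be rolled back with
# "auditpol /restore /file:<path>". The backup path is an assumption.
$backup = Join-Path $env:TEMP 'auditpol-before.csv'
auditpol /backup "/file:$backup" | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'auditpol /backup failed (is the prompt elevated?)' }

# Turn off both success and failure auditing for each noisy subcategory.
foreach ($name in $noisy) {
    auditpol /set "/subcategory:$name" /success:disable /failure:disable | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not change '$name'" }
}

# Verify: /r prints CSV, and 'Inclusion Setting' should now read 'No Auditing'.
$results = foreach ($name in $noisy) {
    auditpol /get "/subcategory:$name" /r | Where-Object { $_ } | ConvertFrom-Csv
}
$results | Select-Object Subcategory, 'Inclusion Setting' | Format-Table -AutoSize

# Flag anything still audited, for example because a domain GPO re-applied it.
$stillOn = $results | Where-Object { $_.'Inclusion Setting' -ne 'No Auditing' }
if ($stillOn) {
    $names = ($stillOn | ForEach-Object { $_.Subcategory }) -join ', '
    Write-Warning "Still audited: $names"
}
```

Re-run the verification part after the next group policy refresh; if a subcategory comes back, a policy higher up is setting it and the change belongs there instead.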