Event ID's or alternate for below activities.

N

Nathan Bob

Dear All,

Could you provide the event ID's or alternate method in order to detect following activities as part of hunting.

Please advise What event IDs to be enabled to track following activities?

When files/Directories are created and marked Hidden
Account Discovery local (Using net user, net localgroup)
Account Discovery domain (Using net user/domain, net group /domain)
Password policy (Using net accounts /domain)
Query Registry (Querying specific registry keys using "reg query")

Thanks,

Nathan

Continue reading...
 
You must log in or register to reply here.

Similar threads

B
  • Article
Announcing Windows 11 Insider Preview Build 25145
Replies
0
Views
297
Brandon LeBlanc
B
B
  • Article
Announcing Windows 11 Insider Preview Build 23466
Replies
0
Views
217
Brandon LeBlanc
B
N
Event ID for group enumeration
Replies
0
Views
141
Nathan Bob
N
Server Man
Detecting LDAP based Kerberoasting with Azure ATP
Replies
0
Views
457
Server Man
Server Man
C
Malware has remote access to my pc?
Replies
0
Views
350
coltongibson
C
Back
Top Bottom