Guest Bailey Posted August 2, 2007 Posted August 2, 2007 For months now I have been trying to determine what the most important security events are. It would be greatly appreciated if you could help me by giving me at least 10 of the most popular events to monitor. Currently we are monitoring several events and we want to shorten the list with the most important events. Any help is greatly appreciated. Thanks, -- Bailey Quote
Guest siljaline Posted August 3, 2007 Posted August 3, 2007 "Bailey" wrote: > For months now I have been trying to determine what the most important > security events are. It would be greatly appreciated if you could help me by > giving me at least 10 of the most popular events to monitor. Currently we > are monitoring several events and we want to shorten the list with the most > important events. > Any help is greatly appreciated. See: <http://www.dts-l.org/goodpost.htm> Silj -- siljaline MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP Security Tools Updates: http://aumha.net/viewforum.php?f=31 Please reply to group, as return address is invalid that, we may all benefit. Quote
Guest Roger Abell [MVP] Posted August 3, 2007 Posted August 3, 2007 I for one cannot answer your post since what is important to monitor totally depends on your environment, the role of the monitored machine, the risk assessment of the machine in its role and environment, and what you see as your protection objectives and priorities. Roger "Bailey" <baileyaug@yahoo.com> wrote in message news:BA6AB068-7701-4E71-BDDE-8A3B482A40CD@microsoft.com... > For months now I have been trying to determine what the most important > security events are. It would be greatly appreciated if you could help me > by > giving me at least 10 of the most popular events to monitor. Currently we > are monitoring several events and we want to shorten the list with the > most > important events. > Any help is greatly appreciated. > Thanks, > -- > Bailey Quote
Guest Jon Holvoet Posted August 3, 2007 Posted August 3, 2007 Hello, I used the "Security Monitoring and Attack Detection Planning Guide" from technet to implement and better understand this. A lot of reading, but a real aid in determining what to monitor and what not. The URL is : http://www.microsoft.com/technet/security/guidance/auditingandmonitoring/securitymonitoring/default.mspx And as an external source I can also advice http://www.ultimatewindowssecurity.com/ They have the Windows Server 2003 Security log revealed, which is a great work for a deeper understanding, and even offer multimedia training. Bad part is, they aren't free, but the good part is, they are not expensive at all. First source should definitely get you started, and the second can be a handy add-on if you want to dig deeper. Greets, -- Jon Holvoet MCSA / MCSE Security Comptia Security+ CISSP "Bailey" <baileyaug@yahoo.com> wrote in message news:BA6AB068-7701-4E71-BDDE-8A3B482A40CD@microsoft.com... > For months now I have been trying to determine what the most important > security events are. It would be greatly appreciated if you could help me > by > giving me at least 10 of the most popular events to monitor. Currently we > are monitoring several events and we want to shorten the list with the > most > important events. > Any help is greatly appreciated. > Thanks, > -- > Bailey Quote
Guest James Matthews Posted August 3, 2007 Posted August 3, 2007 There are too many here are some general 1.)Failed Logins. -- http://www.goldwatches.com/ "Bailey" <baileyaug@yahoo.com> wrote in message news:BA6AB068-7701-4E71-BDDE-8A3B482A40CD@microsoft.com... > For months now I have been trying to determine what the most important > security events are. It would be greatly appreciated if you could help me > by > giving me at least 10 of the most popular events to monitor. Currently we > are monitoring several events and we want to shorten the list with the > most > important events. > Any help is greatly appreciated. > Thanks, > -- > Bailey Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.