Monitoring Windows Event Logs (Part 1)

I’m ISC Handler today and I’ve got a great post on how to use syslog to monitor important Windows event logs. This will have multiple parts, as later parts will go deeper into specific configuration.

One thought on “Monitoring Windows Event Logs (Part 1)”

    n. said:
    January 23, 2014 at 2:00 am

    PlatformAuditProbe – free commandline tool/Windows Forensic Metric (64 bit Windows 7 or later)
    https://appliedalgo.com/appliedalgoweb/Doc%5CAppliedAlgo%20PlatformAuditProbe%20Guide.pdf

    RegistryRunKeys
    RegistryMonitoredRegistryKey
    WindowServices
    WindowsScheduledTasks
    DriverQuery
    RecycleBin
    LocalFiles (md5/timestamps/owner)
    LocalFolders
    LocalFoldersPermission
    SharesPermission
    UserList
    GroupList
    GroupMembership

    RunningProcesses
    OpenPortsNoProcessInfo
    OpenPortsWithProcessInfo
    RoutePrint
    Arp
    OpenFileHandles
    LogonSessions
