Intrusion Detection with Windows Event Log

Discussion in 'other anti-malware software' started by Minimalist, May 23, 2015.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,087
    I decided to more carefully check my event log for suspicious events. Configuring custom views and setting up notifications gives me some useful information.
    I followed these steps to configure Audit Policies: http://www.monitorware.com/common/en/stepbystep/intrusion-detection-mwa12.php
    Here is some useful information and a list of interesting event IDs from the NSA [PDF]: https://www.nsa.gov/ia/_files/app/spotting_the_adversary_with_windows_event_log_monitoring.pdf
    The option to create a task that shows a message when a new event is logged was removed in Windows 8. You can use this workaround to get this functionality back: http://www.askvg.com/fix-cant-create-tasks-to-display-messages-in-windows-8-task-scheduler/

    I would appreciate any info about additional IDs to monitor.
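As an added example of the kind of check the post describes (written for this page, not code from Minimalist or from the linked guides), the script below pulls a handful of well-known Windows audit events out of the Security and System logs over a look-back window and summarises them. It assumes the relevant audit subcategories (logon, account management, process tracking) were already enabled with the steps the post links to, that it runs in an elevated PowerShell session (reading the Security log requires administrative rights), and that the 24-hour window and the short descriptions attached to each ID are this example's own choices; the IDs themselves are the standard Windows event IDs.

```powershell
# Added example: scan the Security and System logs for a small watch list of
# standard Windows audit event IDs and summarise what was found.
# Assumptions: elevated session, audit policy already configured, 24h window.

# Watch list of standard Windows event IDs; the labels are this example's own.
$watchList = @{
    Security = @{
        1102 = 'Audit log cleared'
        4625 = 'Failed logon'
        4720 = 'User account created'
        4732 = 'Member added to security-enabled local group'
        4688 = 'New process created'
    }
    System = @{
        7045 = 'New service installed'
        104  = 'System log cleared'
    }
}

# Look-back window (assumed value; adjust to how often the check runs).
$since = (Get-Date).AddHours(-24)

$findings = foreach ($log in $watchList.Keys) {
    $ids = [int[]]$watchList[$log].Keys
    # FilterHashtable lets the event log service do the filtering, which is
    # much faster than piping every event through Where-Object.
    # -ErrorAction SilentlyContinue suppresses the "No events were found" error.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = $ids; StartTime = $since } `
                           -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Log     = $log
            Id      = $e.Id
            Meaning = $watchList[$log][$e.Id]
            # First line of the message is usually the human-readable summary.
            Summary = ($e.Message -split "`r?`n")[0]
        }
    }
}

if (-not $findings) {
    Write-Output "No watched events since $since."
    return
}

# Counts per log and ID: a burst of 4625 or any 1102/104 at all stands out here.
$findings | Group-Object Log, Id | Select-Object Count, Name | Sort-Object Count -Descending

# Full detail, newest first.
$findings | Sort-Object Time -Descending | Format-Table Time, Log, Id, Meaning, Summary -AutoSize
```

Running this from a scheduled task and piping the output to a file, or to `Write-EventLog` into a custom log, gives a notification path that does not depend on the "display a message" task action the post notes was removed in Windows 8.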
     