Intrusion Detection with Windows Event Log

Discussion in 'other anti-malware software' started by Minimalist, May 23, 2015.

  1. Minimalist

    I decided to more carefully check my event log for suspicious events. Configuring custom views and setting up notifications gives me some useful information.
    I followed these steps to configure Audit Policies:
    Here is some useful information and a list of interesting event IDs from NSA [PDF]:
    The option to create a task to show a message when a new event is logged was removed in Windows 8. You can use this workaround to get this functionality back:

    I would appreciate any info about additional IDs to monitor.