Event logs Audit configuration

  • Author
    Posts
  • confuseis
    Participant
    #609003

    Hi

    I’m wrestling with auditing the Windows security event logs for a local domain-joined Windows 10 system.

    I’m looking to get the best configuration where I can tell if a system has been compromised and see any intrusions.

    I see the security logs are being spammed with event 4703, but despite trimming the audit settings in gpedit.msc & Advanced audit policy config and secpol.msc, I can’t seem to be rid of this event, which generates thousands of 4703 logs a minute.

    When I toggle all the auditing to not configured (off), the settings auto-revert back when I check the Local Group Policy Editor.

    How do I force the audit settings to become permanent?

    What are the best audit settings, in your opinion, for a secure workstation, e.g. record USB device activity, screen lock, etc.?

    What is the recommended max size for the logs, e.g. 20 MB?

    Am I tweaking these in the correct place?

    Thanks