Event logs Audit configuration


  • confuseis
    Participant
    #609003

    Hi

    I’m wrestling with auditing the Windows security event logs for a local domain-joined Windows 10 system.

    I’m looking to get the best configuration where I can tell if a system has been compromised and see any intrusions.

    I see the security logs are being spammed with event 4703, but despite trimming the audit settings in gpedit.msc (Advanced Audit Policy Configuration) and secpol.msc, I can’t seem to be rid of this event, which generates thousands of 4703 logs a minute.

    When I toggle all the auditing to Not Configured (off), the settings auto-revert when I check the Local Group Policy Editor.

    How do I force the audit settings to become permanent?

    What are, in your opinion, the best audit settings for a secure workstation, e.g. recording USB device activity, screen lock, etc.?

    What is the recommended max size for the logs, e.g. 20 MB?

    Am I tweaking these in the correct place?

    Thanks