Solved

Top 10 Most Important Security Events to Monitor in Windows Event Log

Posted on 2008-10-28
8
2,839 Views
Last Modified: 2013-12-04
Top 10 Most Important Internet Security Events to Monitor in Windows Event Viewer
Also top events to monitor for Local GPO policies not being implemented-Looking for possible corrupt local security databases which indicate GPO are not being implemented.

Thank you,
John

0
Comment
Question by:jtsapos
  • 2
  • 2
8 Comments
 
LVL 13

Expert Comment

by:Rowley
ID: 22831151
What if there are 600 events that are all equally important?
0
 

Author Comment

by:jtsapos
ID: 22833244
I'll take as many as you can give me. It would be greatly appreciated.
Also top events to monitor for Local GPO policies not being implemented-Looking for possible corrupt local security databases which indicate GPO are not being implemented.

0
 
LVL 13

Accepted Solution

by:
Rowley earned 250 total points
ID: 22839182
In my opinion this is a null question. The most important events in any logs are the ones that are meaningful to the administrator in the context of which they are being read. You could have a success logon event that pops up a thousand times a minute, or a single big red disk read error, a replication event, or a TCP stack warning, etc, etc.

You've also just responded with some specifics to monitor gpo events, ergo these events are important to you but may not be important to someone else. If you want to monitor events, and prioritise alerts for your environment, you could try something like http://www.gfi.com/eventsmanager/ .
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 250 total points
ID: 22929525
You should look other way around and silence out "normal" events.
e.g Audit Success i.e successful access/login denotes normal workings.
0
 
LVL 61

Expert Comment

by:gheist
ID: 23585671
Last two give insight into how to proceed B grade.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now