r4kieta
asked on
IDS / Forensics Windows Event IDs.
Good Afternoon Dear EE.
Due to a change in security policy, we implemented a centralized log collector using Windows Server Log Subscriptions.
Can anyone point to a good source of IDS / Forensics Event IDs to monitor?
We want to track what is important in a Windows 2008 Domain, involving users, groups, directory services, GPOs, DNS, DHCP, anything involving servers and workstations.
Also, any recommendations on how anyone else is monitoring it.
All feedback is greatly appreciated.