Good Afternoon Dear EE.
Due to a change in security policy, we implemented a centralized log collector using Windows Server Log Subscriptions.
Can anyone point to a good source of IDS / Forensics Event IDs to monitor?
We want to track what is important in a Windows 2008 Domain, involving users, groups, directory services, GPOs, DNS, DHCP, anything involving servers and workstations.
Also, any recommendations on how anyone else is monitoring it?
All feedback is greatly appreciated.