Module 9:
Monitoring Event Logs
Overview


     Introduction to Monitoring Event Logs
     Monitoring Security Events
     Analyzing Security Events
     Monitoring System and Application Events
     Viewing Event Logs
     Managing Event Logs
     Best Practices
Introduction to Monitoring Event Logs

  [Diagram: the Administrator sets the Audit Policy; a User's Failed Access attempt (marked with an X), a System or Application Event, and an Administrative Action each flow into the Log.]
 Monitoring Security Events


     The Security Log
     Categories of Security Events
     Auditing Object Access Events
The Security Log


     Contains Information About:
         Date and time the event occurred
         Source of the event
         Category of the event
         User who generated the event
         Successful or failed attempt
Categories of Security Events

     Account Logon
     Object Access
     Privilege Use
     System Event

     (These four are the categories this module uses; the full Windows 2000/2003 audit policy also has Account Management, Directory Service Access, Logon Events, Policy Change and Process Tracking. Nothing is written for a category until it is enabled in the audit policy.)
Auditing Object Access Events


     Audit Access to Files and Folders
     Audit Access to Printers
     Audit Access to Other Objects in Active Directory
     Audit the Success or Failure of User Access Attempts
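The two halves of object-access auditing, shown as an added example rather than material from the course deck: the audit policy must be on (Local Security Policy > Audit object access on 2000/2003, the File System subcategory on Vista/2008 and later), and the object itself needs an audit entry (SACL) for the rights you care about. The folder path, the Everyone principal and the three rights chosen are assumptions for illustration; run this elevated.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the course deck: enable object-access auditing
# and put an audit entry (SACL) on a folder so that deletes, permission
# changes and ownership changes there are written to the Security log.
# The folder path and the choice of rights are assumptions for illustration.

$Path = 'D:\Finance\Payroll'   # hypothetical folder to audit

# 1. Audit policy first: SACL entries produce no events until the
#    "Audit object access" policy (2000/2003) or, on Vista/2008 and later,
#    the File System subcategory is enabled for success and/or failure.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Audit rule: Everyone, success and failure, for the three rights the
#    module singles out (Delete, Change Permissions, Take Ownership),
#    inherited by subfolders and files.
$identity    = 'Everyone'
$rights      = [System.Security.AccessControl.FileSystemRights] 'Delete, ChangePermissions, TakeOwnership'
$inheritance = [System.Security.AccessControl.InheritanceFlags] 'ContainerInherit, ObjectInherit'
$propagation = [System.Security.AccessControl.PropagationFlags]::None
$auditFlags  = [System.Security.AccessControl.AuditFlags] 'Success, Failure'
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAuditRule `
                   -ArgumentList $identity, $rights, $inheritance, $propagation, $auditFlags

$acl = Get-Acl -Path $Path -Audit     # -Audit reads the SACL (needs SeSecurityPrivilege)
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 3. Verify both halves, because either one missing means silence in the log.
(Get-Acl -Path $Path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags -AutoSize
auditpol /get /subcategory:"File System"
```

Accesses matching the rule show up as 560/564 (object opened/deleted) on 2000/2003 and as 4656/4663 on later versions. Audit only the rights that matter: a Success entry for Everyone on Read on a busy share will fill the log in minutes and bury the failures you actually want to see.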
 Analyzing Security Events


     Analyzing Security Logs
     Looking for Specific Security Events
Analyzing Security Logs


     Interpret Security Events to Determine Their Meanings
     Analyze Security Events to Identify Failed Attempts to
      Access Resources
     Analyze Security Events to Identify Successful Attempts
      to Access Resources
     Track Events Over Time to Detect Trends
     Take Action to Resolve Security Problems
Looking for Specific Security Events

    Logon Failure
    Failure When Attempting to Read a File
    Deletes or Attempts to Delete a Data File
    Assigns or Attempts to Assign
        Take Ownership permission
        Change Permissions permission
    Restart, Shutdown, and System Audit on Network Servers
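Pulling the events listed above out of the Security log, as an added example that is not part of the course deck. The event IDs are the Vista/2008-and-later numbers; on 2000/2003 the equivalents are 529 (logon failure), 560/564 (object opened/deleted), 512/513 (startup/shutdown) and 517 (audit log cleared). $ComputerName reads a remote server's log, like Event Viewer's "Connect to another computer..."; the failure threshold and the time window are assumptions for illustration. Reading the Security log needs membership in Administrators or Event Log Readers, and 4670 is only logged if the policy-change audit category is enabled alongside object access.

```powershell
# Added example, not part of the course deck: query the Security log for the
# specific security events the module lists and summarise them.
# Threshold and window are illustrative assumptions.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [int]$Hours = 24,
    [int]$FailureThreshold = 5
)
$since = (Get-Date).AddHours(-$Hours)

# Read an event's named fields (EventData or, for 1100/1102, UserData) into a
# hashtable; safer than relying on Properties[n] positions.
function Get-EventFields([System.Diagnostics.Eventing.Reader.EventLogRecord]$Event) {
    $fields = @{}
    $xml = [xml]$Event.ToXml()
    foreach ($d in $xml.Event.EventData.Data) { if ($d.Name) { $fields[$d.Name] = $d.'#text' } }
    foreach ($n in $xml.Event.UserData.FirstChild.ChildNodes) { $fields[$n.LocalName] = $n.InnerText }
    return $fields
}

function Get-SecurityEvents([int[]]$Id) {
    Get-WinEvent -ComputerName $ComputerName -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'Security'; Id = $Id; StartTime = $since }
}

# 1. Logon failures (4625): which accounts, from where, and why.
$failures = Get-SecurityEvents 4625 | ForEach-Object {
    $f = Get-EventFields $_
    [pscustomobject]@{
        Time   = $_.TimeCreated
        User   = "$($f.TargetDomainName)\$($f.TargetUserName)"
        Source = $f.IpAddress
        Status = $f.Status     # 0xC000006A bad password, 0xC0000064 unknown user
    }
}
"Accounts with $FailureThreshold or more logon failures in the last $Hours h:"
$failures | Group-Object User | Where-Object Count -ge $FailureThreshold |
    Sort-Object Count -Descending | Format-Table Count, Name -AutoSize

# 2. Object access (4663) on audited files: failed reads and deletes.
#    AccessMask bit 0x10000 is DELETE; bit 0x1 is ReadData/ListDirectory.
"Failed reads and deletes on audited objects:"
Get-SecurityEvents 4663 | ForEach-Object {
    $f      = Get-EventFields $_
    $mask   = [int]$f.AccessMask
    $failed = $_.KeywordsDisplayNames -contains 'Audit Failure'
    if (($mask -band 0x10000) -or ($failed -and ($mask -band 0x1))) {
        $action = if ($mask -band 0x10000) { 'Delete' } else { 'Read' }
        $result = if ($failed) { 'Failure' } else { 'Success' }
        [pscustomobject]@{ Time = $_.TimeCreated; User = $f.SubjectUserName
                           Object = $f.ObjectName; Action = $action; Result = $result }
    }
} | Format-Table -AutoSize

# 3. Permission or owner changes (4670) on audited objects.
"Permission/ownership changes:"
Get-SecurityEvents 4670 | ForEach-Object {
    $f = Get-EventFields $_
    [pscustomobject]@{ Time = $_.TimeCreated; User = $f.SubjectUserName; Object = $f.ObjectName }
} | Format-Table -AutoSize

# 4. System audit events: startup (4608), event log service stopped (1100),
#    audit log cleared (1102). A 1102 outside a planned archive is itself a finding.
"System audit events:"
Get-SecurityEvents 4608, 1100, 1102 |
    Format-Table TimeCreated, Id, @{ n = 'User'; e = { (Get-EventFields $_).SubjectUserName } } -AutoSize
```

Run it daily against the same servers and keep the output: the "track events over time" step above is only possible when yesterday's counts exist to compare with. A sudden rise in 4625 for one account from one source is a password guess in progress; a 1102 or 1100 with no matching change ticket means someone wanted the log gone.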
 Monitoring System and Application Events


     System and Application Logs
     Types of System and Application Events
System and Application Logs

     System Log Contains Events Logged by Windows 2003 System Components (drivers and services)
     Application Logs Contain Events Logged by Applications
     System and Application Logs Contain:
         Errors, warnings, and information
         Date and time the event occurred
         Source of the event
         Category of event
         User who generated the event
Types of System and Application Events

     Information
     Warning
     Error
 Viewing Event Logs


     Using Event Viewer to View Logs
     Using Event Viewer to Locate Events
Using Event Viewer to View Logs

   Use Event Viewer to View Detailed Event Information
   Use Event Viewer to View Logs on a Remote Computer

   [Screenshot: eventvwr with Event Viewer (Local) and the Security Log selected; the tree also lists Application Log, Directory Log, DNS Server, File Replication Service and System Log. Columns are Type, Date, Time, Source, Category, Event, User. The visible rows are Privilege Use audits from source Security dated 6/11/98: event 577 (Success Audit) and event 578 (Failure Audit), with the User column clipped. The Action menu offers "Connect to another computer...", New, All Tasks and Help.]
Using Event Viewer to Locate Events

   [Screenshot: two dialogs. System Log Properties, Filter tab: View Events From (First Event, 6/11/98 7:27:03 AM) To (Last Event, 6/11/98 7:27:50 AM); Types checkboxes Information, Warning, Error, Success Audit, Failure Audit; fields Source (All), Category (All), User, Computer, Event ID; buttons OK, Cancel, Apply. Find in local System Log: Types checkboxes Information, Warning, Error, Success audit, Failure audit; fields Source (All), Category (All), Event ID, Computer, User, Description; search direction Up/Down; buttons Find Next, Close, Clear, Help.]
 Managing Event Logs

     Limiting the Size of Event Log Files
     Archiving Logs

     [Illustration: a log file capped at 512 Kb, and a Save as... dialog for archiving]
Limiting the Size of Event Log Files

   Choose a Strategy to Limit Log Size

   [Screenshot: Security Log Properties, General tab. Display name: Security Log; Log name: D:\NTIDS\System32\config\SecEvent.Evt; Size: 64.0 KB (65,536 bytes); Created: Thursday, June 11, 1998 7:26:56 AM; Modified and Accessed: Thursday, June 11, 1998 11:33:29 AM. Maximum log size: 512 Kilobytes (64K increments). Event log wrapping: Overwrite events as needed / Overwrite events older than 7 days / Do not overwrite events (clear log manually). Also a Low speed connection checkbox, a Default button and a Clear all Events button; OK, Cancel, Apply.]
Archiving Logs

       Archive Logs
       View an Archived Log

       Save Logs as:
         Log file format (.evt)
         Text file format (.txt)
         Comma-delimited text file format (.csv)

       (Only the .evt format keeps the full binary record and can be reopened in Event Viewer; .txt and .csv exports are for spreadsheets and other tools.)
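The size, wrapping and archiving steps from the two preceding slides in one script, as an added example that is not part of the course deck. Limit-EventLog and Get-EventLog exist in Windows PowerShell 5.1 but not in PowerShell 7, so the wevtutil equivalents are shown alongside; the archive directory, the 256 MB cap and the 30-day retention are assumptions for illustration. Run it elevated.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the course deck: set the Security log's maximum
# size and wrapping strategy, archive it, and reopen the archive.
# Paths, sizes and retention are illustrative assumptions.

$ArchiveDir = 'D:\LogArchive'                      # hypothetical archive location
New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null

# 1. Maximum size and wrapping. The three Event Viewer options map to
#    -OverflowAction OverwriteAsNeeded | OverwriteOlder (with -RetentionDays) | DoNotOverwrite.
Limit-EventLog -LogName Security -MaximumSize 256MB -OverflowAction OverwriteOlder -RetentionDays 30
# Equivalent on any supported Windows (/rt:true = do not overwrite, /ab:true = archive when full):
# wevtutil sl Security /ms:268435456 /rt:true /ab:true

# 2. Check the setting took effect before relying on it.
Get-EventLog -List | Where-Object Log -eq 'Security' |
    Format-Table Log, MaximumKilobytes, OverflowAction, MinimumRetentionDays -AutoSize
# wevtutil gl Security

# 3. Archive. The native .evtx (the deck's .evt) keeps the full record and can
#    be reopened in Event Viewer or Get-WinEvent; the CSV is for other tools.
$stamp = Get-Date -Format 'yyyyMMdd-HHmm'
$evtx  = Join-Path $ArchiveDir "Security-$stamp.evtx"
wevtutil epl Security $evtx                        # epl = export-log; does not clear the log

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; StartTime = (Get-Date).AddDays(-1) } |
    Select-Object TimeCreated, Id, ProviderName,
                  @{ n = 'Type'; e = { $_.KeywordsDisplayNames -join ',' } }, Message |
    Export-Csv -NoTypeInformation -Path (Join-Path $ArchiveDir "Security-$stamp.csv")

# 4. View the archived log (Event Viewer's Open Log File).
Get-WinEvent -Path $evtx -MaxEvents 5 | Format-Table TimeCreated, Id, Message -AutoSize

# 5. Clear only after a successful export. The clear is recorded as event 1102
#    (517 on 2000/2003) in the fresh log, so reviewers can see when it happened.
# wevtutil cl Security
```

The strategy choice has a security cost either way: "Do not overwrite" stops auditing once the log is full (and halts the machine if CrashOnAuditFail is set), while "Overwrite as needed" lets anyone who can generate noise push the interesting events out. A large cap plus scheduled export, or forwarding to a collector, is what makes either setting safe.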
Best Practices


   Set Up a Schedule and Review Event Logs Regularly


   Archive Event Logs Regularly to Track Trends


   Review Security Logs for Significant Events


   Select an Appropriate Option to Overwrite Old Log Events
Review


     Introduction to Monitoring Event Logs
     Monitoring Security Events
     Analyzing Security Events
     Monitoring System and Application Events
     Viewing Event Logs
     Managing Event Logs
     Best Practices

1556 a 09

  • 2. Overview  Introduction to Monitoring Event Logs  Monitoring Security Events  Analyzing Security Events  Monitoring System and Application Events  Viewing Event Logs  Managing Event Logs  Best Practices
  • 3. Introduction to Monitoring Event Logs Audit Failed Access Policy System or Application Event User Log X Administrative Action Administrator
  • 4.  Monitoring Security Events  The Security Log  Categories of Security Events  Auditing Object Access Events
  • 5. The Security Log  Contains Information About:  Date and time the event occurred  Source of the event  Category of the event  User who generated the event  Successful or failed attempt
  • 6. Categories of Security Events Categories of Security Events Account Logon Object Access Privilege Use System Event
  • 7. Auditing Object Access Events  Audit Access to Files and Folders  Audit Access to Printers  Audit Access to Other Objects in Active Directory  Audit the Success or Failure of User Access Attempts
  • 8.  Analyzing Security Events  Analyzing Security Logs  Looking for Specific Security Events
  • 9. Analyzing Security Logs  Interpret Security Events to Determine Their Meanings  Analyze Security Events to Identify Failed Attempts to Access Resources  Analyze Security Events to Identify Successful Attempts to Access Resources  Track Events Over Time to Detect Trends  Take Action to Resolve Security Problems
  • 10. Looking for Specific Security Events  Logon Failure  Failure When Attempting to Read a File  Deletes or Attempts to Delete a Data File  Assigns or Attempts to Assign  Take Ownership permission  Change Permissions permission  Restart, Shutdown, and System Audit on Network Servers
  • 11.  Monitoring System and Application Events  System and Application Logs  Types of System and Application Events
  • 12. System and Application Logs  System Log Contains Events Logged by Windows 2003  Application Logs Contain Events Logged by Applications  System and Application Logs Contain:  Errors, warnings, and information  Date and time the event occurred  Source of the error Application  Category of event  User who generated the event System
  • 13. Types of System and Application Events Types of System and Application Events Information Warning Error
  • 14.  Viewing Event Logs  Using Event Viewer to View Logs  Using Event Viewer to Locate Events
  • 15. Using Event Viewer to View Logs  Use Event Viewer to View Detailed Event Information  Use Event Viewer to View Logs on a Remote Computer eventvwr - [Event Viewer (local)Security Log] Action View 0 event(s) Event Viewer (Local) Type Date Time Source Category Event User Application Log Success Audit 6/11/98 11:36:21 AM Security Privilege Use 577 SYSTE Directory Log Failure Audit 6/11/98 11:32:55 AM Security Privilege Use 578 Adminis Success Audit 6/11/98 11:03:49 AM Security Privilege Use 577 SYSTE DNS Server File Replication Servi Security Log Security Log System Log Connect to another computer… Connect to another computer… New All Tasks Help
  • 16. Using Event Viewer to Locate Events System Log Properties ? General Filter Find in local System Log ? View Events Types Clear From: Information Success audit First Event 6/11/98 7:27:03 AMWarning Failure audit To: Error Last Event 6/11/98 7:27:50 AM Types Source: (All) Information Warning Error Category: (All) Success Audit Failure Audit Event ID: Source: (All) Computer: Category: (All) User: User: Description: Computer: Description Event ID: Up Down OK Cancel Apply Next Find Close Clear Help
  • 17.  Managing Event Logs  Limiting the Size of Event Log Files  Archiving Logs Save as... 512 Kb
  • 18. Limiting the Size of Event Log Files Security Log Properties ? General Filter Display name: Security Log Log name: D:NTIDSSystem32configSecEvent.Evt  Choose a Size: 64.0 KB (65,536 bytes) Strategy to Created: Thursday, June 11, 1998 7:26:56 AM Limit Log Size Modified: Thursday, June 11, 1998 11:33:29 AM Accessed: Thursday, June 11, 1998 11:33:29 AM Maximum log size: 512 Kilobytes (64K increments) Event log wrapping Overwrite events as needed Overwrite events older than 7 days Do not overwrite events (clear log manually) Low speed connection Default Clear all Events OK Cancel Apply
  • 19. Archiving Logs  Archive Logs  View an Archived Log  SaveLogs as: Log file format (.evt) Text file format (.txt) Comma-delimited text file format (.csv)
  • 20. Best Practices Set Up a Schedule and Review Event Logs Regularly Archive Event Logs Regularly to Track Trends Review Security Logs for Significant Events Select an Appropriate Option to Overwrite Old Log Events
  • 21. Review  Introduction to Monitoring Event Logs  Monitoring Security Events  Analyzing Security Events  Monitoring System and Application Events  Viewing Event Logs  Managing Event Logs  Best Practices