YAML configs for:
1. NSA Events to Monitor List https://hannahsuarez.github.io/2021/Winlogbeat_NSAEventstoMonitor/
2. Events from the Windows 10 and Windows Server 2016 Security auditing and monitoring reference https://hannahsuarez.github.io/2021/Windows_10_Windows_Server_2016_Security_auditing_monitoring_reference/
3. Exploit protection events based on attack surface reduction events https://hannahsuarez.github.io/2021/ExploitProtectionEvents/
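As an added illustration of what these Winlogbeat configs look like (this snippet is not taken from the linked entries), here is a minimal winlogbeat.yml that collects a handful of Security, System and Defender events. The event IDs shown are a constructed illustrative subset, not the full lists from the posts above, and the Elasticsearch host is an assumed placeholder.

```yaml
# Illustrative Winlogbeat config (added example, not from the linked entries).
# Event IDs below are a constructed subset; adjust to the lists you are tracking.
winlogbeat.event_logs:
  - name: Security
    # logon success/failure, process creation, user created, audit log cleared
    event_id: 4624, 4625, 4688, 4720, 1102
    ignore_older: 72h
  - name: System
    # new service installed
    event_id: 7045
  - name: Microsoft-Windows-Windows Defender/Operational
    # attack surface reduction rule fired: 1121 block mode, 1122 audit mode
    event_id: 1121, 1122

output.elasticsearch:
  hosts: ["localhost:9200"]   # assumed placeholder, replace with your cluster
```

The `event_id` field accepts comma-separated IDs, ranges such as `4720-4726`, and exclusions written as `-4634`, so one entry per channel is usually enough; keep the comments next to each ID so the intent of the filter survives future edits.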
And, which Windows auditing events require failure and success logging?
I have a few more to share next week.
YAML config based on the Palantir Windows Event Forwarding Guidance (can be combined with a couple of other YML configs, linked in that entry).
Just added: Setting up OpenVPN Logging - including YAML Config Snippets https://hannahsuarez.github.io/2021/YAML_OpenVPN_Logging/