YAML configs for:

1. NSA Events to Monitor List hannahsuarez.github.io/2021/Wi

2. Events from the Windows 10 and Windows Server 2016 Security auditing and monitoring reference hannahsuarez.github.io/2021/Wi

3. Exploit protection events based on attack surface reduction events hannahsuarez.github.io/2021/Ex

And, which Windows auditing events require failure and success logging?
hannahsuarez.github.io/2021/Wh

YMMV!

I have a few more to share next week.

Yeah, it's all Windows due to environment, but I am doing some work on logging for Linux environments very soon.
