YAML configs for:
1. NSA Events to Monitor List https://hannahsuarez.github.io/2021/Winlogbeat_NSAEventstoMonitor/
2. Events from the Windows 10 and Windows Server 2016 Security auditing and monitoring reference https://hannahsuarez.github.io/2021/Windows_10_Windows_Server_2016_Security_auditing_monitoring_reference/
3. Exploit protection events based on attack surface reduction events https://hannahsuarez.github.io/2021/ExploitProtectionEvents/
And, which Windows auditing events require failure and success logging?
I have a few more to share next week.
https://github.com/HannahSuarez/hannahsuarez.github.io/tree/master/_posts for the original .md
A Mastodon instance for info/cyber security-minded people.