HCS ▋: "Just added: Setting up OpenVPN Logging - includin…" - Infosec Exchange

Feb 05, 2021, 12:03

HCS ▋ @superruserr@infosec.exchange

YAML configs for:

1. NSA Events to Monitor List https://hannahsuarez.github.io/2021/Winlogbeat_NSAEventstoMonitor/

2. Events from the Windows 10 and Windows Server 2016 Security auditing and monitoring reference https://hannahsuarez.github.io/2021/Windows_10_Windows_Server_2016_Security_auditing_monitoring_reference/

3. Exploit protection events based on attack surface reduction events https://hannahsuarez.github.io/2021/ExploitProtectionEvents/

And, which Windows auditing events require failure and success logging?
https://hannahsuarez.github.io/2021/WhichEventsNeedFailureSuccessLogging/

YMMV!

I have a few more to share next week.

#security #cybersecurity #infosec #elasticsecurity #blueteam

Feb 05, 2021, 21:24

HCS ▋ @superruserr@infosec.exchange

YAML config based on the Palantir Windows Event Forwarding Guidance (can combine with a couple of YML configs, linked in that entry).

https://hannahsuarez.github.io/2021/YAML_Palantir_Windows_Event_Forwarding_WEF_Guidance_Security_Events_to_Monitor/

YMMV

#security #cybersecurity #infosec #elasticsecurity #blueteam

HCS ▋ @superruserr@infosec.exchange

Just added: Setting up OpenVPN Logging - including YAML Config Snippets https://hannahsuarez.github.io/2021/YAML_OpenVPN_Logging/

ymmv

Feb 07, 2021, 16:35 · · · ·

Sign in to participate in the conversation