Chapter 15. Auditing Microsoft Windows Security Events
In this chapter:
Determining Which Events to Audit
Managing the Event Viewer
Configuring Audit Policies
Monitoring Audited Events
Best Practices
Additional Information
No security strategy is complete without a comprehensive auditing strategy. More often than not, organizations learn this the hard way—only after they have experienced a security incident. Without an audit trail of actions made by the intruder, it is almost impossible to investigate a security incident successfully. As part of your overall security strategy, you must determine which events you need to audit, the level of auditing appropriate for your environment, how the audited events will be collected, and how ...