***** THIS EMAIL WAS SENT VIA THE INTERNET ***** Hi All, I have found that our security event logs are filling up rapidly due to logging Successful Object Access - making them hard to manage. I want to change the Windows audit policy to only log failed object accesses, according to NSA guidelines, but when I do server sensor seems to overwrite the setting putting it back to success, failure. I know there is an audit.policy file on the sensor but I can't find anywhere to administer it from. Does server sensor require a certain auditing configuration to function properly? Does it need to have successful object accesses audited?
Any help would be much appreciated. Andy ********************************************************************** This email is privileged, confidential and subject to copyright. Any unauthorised use or disclosure of its content is prohibited. The views expressed in this communication may not necessarily be the views held by Scottish Borders Council ********************************************************************** _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
