Hi all,
A couple of weeks ago, I got a pointer to a recent SANS paper about
monitoring Windows workstation logs with rsyslog and SEC, in order to
detect security incidents:
https://www.sans.org/reading-room/whitepapers/logging/detecting-security-incidents-windows-workstation-event-logs-34262
Although the SEC rules in the paper implement alerting in a fairly
straightforward way, the paper nicely covers setting up the entire logging
flow from workstation to SEC. Hopefully it's useful reading for list
members.
Kind regards,
risto
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users