Hi all,
Does anybody have best practice recommendations for auditing Domain Controllers? Specific events? Also, any specific locations on the DCs that you guys monitor using CA's File System auditing capabilities?
Thanks,
Laz
Consider monitoring / backing up the security event IDs on the domain controller. If you monitor all event IDs then you can't provide storage for storing the events.
Change Auditor has a limitation, and it stores the audit details in a SQL database. I guess a limited number of days of audit details can be stored.
I would recommend using Quest Intrust for gathering and storing the event IDs.
Thank you very much... we are already using the Quest Intrust to send the DC event logs to our SIEM.... I was mostly looking for locations in the file system to audit on DCs.