Navigation section

siem

  1. T

    I need some assistance finding out what is causing this Event Log Auditing event

    I am using Alienvault to log our SIEM Events from our Windows 2019 servers, and I am trying to find out how to debug what is causing this recurring Auditing Event in our Windows Event Logs. I have found out that SentinelOne is scanning this file at the time, but is there a way to see what...
    • tpancrazio
    • Thread
    • alienvault audit policy change auditing events change detection computer name debugging event logs event monitoring it security log management recurring events security auditing sentinelone siem windows 2019 windows event log windows security
    • Replies: 1
    • Forum: Windows Server Forums
  2. News

    VIDEO AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool

    Original release date: March 18, 2021 Summary This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following...
    • News
    • Thread
    • apt chirp cisa communication companion tool compromise forensic analysis forensics guidance incident response indicators of compromise malware network defense security siem solarwinds threat activity threat detection windows yara
    • Replies: 0
    • Forum: Security Alerts
  3. News

    AA20-120A: Microsoft Office 365 Security Recommendations

    Original release date: April 29, 2020 Summary As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services. Due to the speed of these...
    • News
    • Thread
    • administrator alerts audit log authentication best practices cloud collaboration compliance cybersecurity legacy protocols microsoft mitigations multi-factor office 365 recommendations roles security siem telework threats
    • Replies: 0
    • Forum: Security Alerts
  4. A

    Interactive LogOn type in windows AD events

    Hello All, Greetings!!! In our environment we monitor windows events 4624 and 4625 on AD for other workstations as all workstations can not integrated in a SIEM. However, in event 4624 and 4625, we are not getting any type 10 or type 2 logon type that could tell us the interactive logon has...
    • amane
    • Thread
    • activity credentials detection event 4624 event 4625 events guidance interactive logon malicious activity monitoring policy security siem type 10 type 2 type 3 windows ad workstation
    • Replies: 5
    • Forum: Windows Server Forums
Back
Top