When it comes to securing Windows systems, it doesn’t matter whether you harden a Domain Controller, a server system or a client – they all have one thing in common:
Microsoft provides baselines that specify which security settings should be applied to each system.
Among other things, these baselines include audit recommendations.
I often work with customers who have just started building their Security Operations Center (SOC). Many customers are confused by the variety of Windows Events: Which events should be monitored? Which events will be generated when a specific baseline is applied?
Writing down each event and monitoring recommendation would be a huge effort. That’s why I automated it and created EventList – I hope it helps you, too!