Windows – Security Sys Admin Dashboards

My strategy is to used Nagios Log Server as a hunting tool: 1. Create a dash board with about 10 panels, each one monitoring a different field. 2. Search for processes , .exe or other events and see what it is doing 3. Once a result looks good, make a new dashboard and set an "Alert" to e-mail you when a new event occurs ====================================================== Windows Auditpol/EventLogs: The custom audit policy I used to gather my log data are based off of Randy Franklin Smith's webpage: (https://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008) Mr. Smith's list edits the auditpol to specifically reduce "loud" MS Window logs which send too much data while not providing much value for the average Tech. ====================================================== Dashboards:(some dashboards should NOT have any events if a computer has no issues, you can test this by extending the dashboard to 30+ days to find alerts) The dashboards are based off of "Spotting-the-adversary-with-windows-event-log-monitoring": https://www.iad.gov/iad/library/ia-guidance/security-configuration/applications/spotting-the-adversary-with-windows-event-log-monitoring.cfm Please verify that you are getting "Good" data before fully trusting any dashboard. I'm not a MS Windows Pro but if YOU ARE, I'm happy to make corrections to the above dashboards.

You must be logged in to submit a review.

Your review has been submitted and is pending approval.

Your recommendation has been sent.

Project Overview Project Files Project Photos Project Notes Reviews