Event logs Audit configuration


This topic contains 1 reply, has 2 voices, and was last updated by Blood Blood 2 weeks, 2 days ago.


  • confuseis
    Participant
    #609003

    Hi

    I'm wrestling with auditing the Windows security event logs for a local domain-joined Windows 10 system.

    I'm looking to get the best configuration where I can tell if a system has been compromised and see any intrusions.

    I see the security logs are being spammed with event 4703, but despite trimming the audit settings in gpedit.msc & Advanced audit policy config and secpol.msc, I can't seem to be rid of this event, which generates thousands of 4703 logs a minute.

    When I toggle all the auditing to not configured (off), the settings auto-revert back when I check the Local Group Policy Editor.

    How do I force the audit settings to become permanent?

    What are the best audit settings, in your opinion, for a secure workstation, e.g. record USB device activity, screen lock, etc.?

    What is the recommended max size for the logs, e.g. 20 MB?

    Am I tweaking these in the correct place?

    Thanks

    Blood
    Moderator
    #609056

    Have you seen this Microsoft reference? https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings
