slapdash:windows_logging

Differences

This shows you the differences between two versions of the page.

slapdash:windows_logging [2017/09/07 17:49] mgupton   slapdash:windows_logging [2023/03/21 16:41] (current) mgupton
Line 15: Line 15:
   * [[http://technet.microsoft.com/en-us/library/cc732848(v=ws.10).aspx|wevtutil]]   * [[http://technet.microsoft.com/en-us/library/cc732848(v=ws.10).aspx|wevtutil]]
   * [[http://ss64.com/nt/wevtutil.html]]   * [[http://ss64.com/nt/wevtutil.html]]
 +
 +======Specific Events of Note======
 +  * [[Windows Administrator Activity Events]]
  
 ======Listing Log Channels and Publishers====== ======Listing Log Channels and Publishers======
 +
 ====Enumerate a list of all log channels==== ====Enumerate a list of all log channels====
 <code> <code>
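Review bot: The new "Specific Events of Note" section holds only the bare link [[Windows Administrator Activity Events]], with nothing to say which events the linked page covers or why they matter. A one-line description after the link would let readers decide whether to follow it. Because it is a top-level heading placed between the wevtutil reference links and "Listing Log Channels and Publishers", it also splits the tool references from the commands that use them; moving it after the command sections, or next to "Resources", would keep that flow intact.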
Line 407: Line 411:
 reg query hklm\system\currentcontrolset\services\eventlog reg query hklm\system\currentcontrolset\services\eventlog
 </code> </code>
-======Resources====== +
-  * [[https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx]]+
  
 ======To Explore====== ======To Explore======
Line 577: Line 580:
 logman query providers logman query providers
 </code> </code>
 +
 +======Resources======
 +  * [[https://www.ultimatewindowssecurity.com/|Ultimate Windows Security]]. Randy Franklin Smith's site. Good info for security related logging.
 +      * webinars
 +      * forum
 +  * [[https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx]]
 +
 +====== Windows Object Auditing ======
 +  * #FIM
 +  * [[https://github.com/OTRF/Set-AuditRule/blob/master/Set-AuditRule.ps1]]
 +
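Review bot: In the added "Windows Object Auditing" section, the Set-AuditRule.ps1 link points at blob/master, which is a moving reference, so the script behind the link can change after this note was written. A commit permalink would keep the reference tied to the version that was actually looked at. The link also has no label or description, and the "#FIM" bullet is an unexplained tag; spell out what it stands for and say in one line what the script is used for. In "Resources", the encyclopedia URL is left unlabeled while the entry above it has a label and a description; giving it a label such as "Security log encyclopedia" would make the two entries consistent.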
  • slapdash/windows_logging.1504806579.txt.gz
  • Last modified: 2017/09/07 17:49
  • by mgupton