This publication has been developed as a guide to the setup and configuration of Windows event logging and forwarding. It is intended for information technology and information security professionals, and is designed to complement existing host-based intrusion detection and prevention systems. The advice supports both the detection and investigation of malicious activity by balancing the collection of important events against the management of data volumes. It also aids incident response efforts by providing critical insight into the events relating to a cyber security incident, reducing the overall cost of responding to it. Good visibility of what is happening in an organisation's environment is essential for conducting an effective investigation. A common theme identified by the Australian Cyber Security Centre (ACSC) while performing investigations is that organisations have insufficient visibility of activity occurring on their workstations and servers.