Security Information & Event Management (SIEM)
Lesson 1, Topic 6
Directory Services Logs
The Windows Active Directory Server (ADS) is the centrepiece of every Windows domain. It holds all key information about the domains, sub-domains, servers, users and services in a network.
The logs from this server help identify malicious activity by both standard and privileged users, as well as any anomalous behaviour by devices in the network.
Windows AD server logs usually provide the following key information elements to assist with analysis:
- Object modifications
- Object creation, deletion
- Group, OU, GPO modifications
- Domain modifications
- Information on the account performing the activity
- Failed modifications
- Elevation of privileges
- Cryptographic failures
- Certificate failures
- Replication failures
- Shutdown / reboot of service
- User information
- Terminal information
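As an added example (not part of the course material), the Python routine below maps real Windows Security and System event IDs onto the information elements listed above, tallies them over a batch of events, and raises two simple SIEM-style alerts: a member added to a privileged group, and repeated failed modifications by one account. The sample records and their field names are constructed assumptions about how a SIEM flattens Windows events.

```python
from collections import Counter

# Constructed sample events (assumed flattened layout; field names are not from the page).
SAMPLE_EVENTS = [
    {"EventID": 4720, "Keywords": "Audit Success", "Subject": "it-ops", "Target": "svc-backup", "Computer": "DC01"},
    {"EventID": 4728, "Keywords": "Audit Success", "Subject": "it-ops", "Target": "svc-backup",
     "Group": "Domain Admins", "Computer": "DC01"},
    {"EventID": 5136, "Keywords": "Audit Failure", "Subject": "jdoe", "Target": "CN=Finance,OU=Groups", "Computer": "DC01"},
    {"EventID": 5136, "Keywords": "Audit Failure", "Subject": "jdoe", "Target": "CN=Finance,OU=Groups", "Computer": "DC01"},
    {"EventID": 5136, "Keywords": "Audit Failure", "Subject": "jdoe", "Target": "CN=Finance,OU=Groups", "Computer": "DC01"},
    {"EventID": 4672, "Keywords": "Audit Success", "Subject": "jdoe", "Computer": "DC01"},
    {"EventID": 1074, "Keywords": "Info", "Subject": "it-ops", "Computer": "DC01"},
]

# Real Windows event IDs grouped under the information elements the lesson lists.
CATEGORY_BY_EVENT_ID = {
    4720: "object creation", 5137: "object creation",          # user / DS object created
    4726: "object deletion", 5141: "object deletion",          # user / DS object deleted
    5136: "object modification", 4738: "object modification",  # DS object / user account changed
    4728: "group modification", 4732: "group modification",    # member added to global / local group
    4756: "group modification",                                # member added to universal group
    4672: "elevation of privileges",                           # special privileges assigned at logon
    1074: "shutdown / reboot",                                 # system shutdown or restart initiated
}
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}
FAILURE_THRESHOLD = 3  # failed modifications by one account before alerting

def categorise(event):
    """Return the lesson's information element for one event; failures are their own bucket."""
    if event.get("Keywords") == "Audit Failure":
        return "failed modification"
    return CATEGORY_BY_EVENT_ID.get(event["EventID"], "other")

def analyse(events):
    """Tally events per category and return (counts, alerts) for a batch of AD events."""
    counts, failures, alerts = Counter(), Counter(), []
    for e in events:
        cat = categorise(e)
        counts[cat] += 1
        if cat == "failed modification":
            failures[e["Subject"]] += 1
            if failures[e["Subject"]] == FAILURE_THRESHOLD:
                alerts.append(f"{e['Subject']} reached {FAILURE_THRESHOLD} failed modifications on {e['Computer']}")
        elif cat == "group modification" and e.get("Group") in PRIVILEGED_GROUPS:
            alerts.append(f"{e['Subject']} added {e['Target']} to {e['Group']} on {e['Computer']}")
    return counts, alerts

if __name__ == "__main__":
    summary, findings = analyse(SAMPLE_EVENTS)
    print(dict(summary))
    print("\n".join(findings))
```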