Back to Course

Security Information & Event Management (SIEM)

0% Complete
0/27 Steps
  1. Logs
    24 Topics
  2. Detection Optimization
  3. Content Management

Participants113

Show more
Security Information & Event Management (SIEM) Logs Server Operating System (OS) Logs
In Progress
Lesson 1, Topic 14
In Progress

Server Operating System (OS) Logs

Secure x Design
Lesson Progress
0% Complete

Windows Server

The Windows Active Directory, Windows DHCP and the Windows DNS servers runs on the Windows Operating System. Therefore it is only necessary to ensure that the Operating System is not under malicious control.

Data Sets

  • Event timestamp
  • Device type – winevent_nic,30 (type)
  • Device class – Host
  • Device subclass – Windows
  • Message severity level
  • Source Interface
  • Destination Interface
  • User ID’s
  • Access group
  • Event description
    • Successful and failed log-on and log-off;
    • Terminal identity or location if possible;
    • Records of successful and rejected system access attempts;
    • Records of successful and rejected data and other resource
      access attempts;
    • Changes to system configuration;
    • Use of privileges;
    • Use of system utilities and applications;
    • Files accessed and the kind of access;
    • Alarms raised by the access control system;
    • Activation and de-activation of protection systems,
      such as anti-virus systems and IDS/IPS;
    • Shutdown / reboot of system

Unix Servers

AIX

HP-UX

RHEL

Solaris