Windows' built-in event logging leaves room for improvement: with Microsoft's default settings, companies do not have a sufficient overview of the activity on their workstations and servers. The Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) have published a guide to configuring Windows logging with advice on how to improve it.
The Australian Signals Directorate (ASD) writes that it has repeatedly found in its investigations that companies do not have a sufficient overview of the activities on their workstations and servers. A good overview of what is happening in a company's environment is essential for conducting an effective investigation. Good logging also helps in responding to cyber security incidents: it provides important insight into the events surrounding an incident and reduces the overall cost of responding to it.
I came across a guide published by ASD/ACSC for the configuration of Windows logging via the above tweet. The guide, which can be accessed here, was developed for the setup and configuration of Windows event logging and forwarding. It is designed to support logging for both the detection and the investigation of malicious activity by striking an ideal balance between capturing important events and managing data volumes, and it is described as a complement to existing host-based intrusion detection and prevention systems.
Aimed at information technology and cyber security professionals, the guide covers the types of events that can be generated and an assessment of their relative value, centralized event log collection, event log retention and recommended Group Policy settings, together with implementation guidance.
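Before rolling out the guide's Group Policy settings, it helps to know where a host currently stands on the points the guide covers (log retention, log size, auditing of process creation). The following PowerShell inventory is an added example, not code from the ASD/ACSC guide or from the original post; the list of logs and the minimum size threshold are this example's own assumptions, not values taken from the guide.

```powershell
# Added example: inventory the local Windows event logging configuration so it can be
# compared with the ASD/ACSC recommendations. Thresholds and the log list below are
# assumptions made for this example, not values from the guide.

# Logs that incident responders commonly rely on (assumed list; adjust to the guide).
$logsOfInterest = @('Security', 'System', 'Application',
                    'Microsoft-Windows-PowerShell/Operational',
                    'Microsoft-Windows-Sysmon/Operational')
$minSizeBytes = 256MB   # assumed minimum; the Windows default for Security is 20 MB

$report = foreach ($name in $logsOfInterest) {
    $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
    if (-not $log) {
        [pscustomobject]@{ Log = $name; Status = 'not present'; MaxSizeMB = $null; Mode = $null }
        continue
    }
    [pscustomobject]@{
        Log       = $name
        Status    = if (-not $log.IsEnabled) { 'disabled' }
                    elseif ($log.MaximumSizeInBytes -lt $minSizeBytes) { 'too small' }
                    else { 'ok' }
        MaxSizeMB = [math]::Round($log.MaximumSizeInBytes / 1MB)
        Mode      = $log.LogMode     # Circular, AutoBackup or Retain
    }
}
$report | Format-Table -AutoSize

# Process creation auditing (Security event 4688) is far more useful when the command
# line is captured as well, so both settings are checked. auditpol needs an elevated prompt.
$procAudit = auditpol /get /subcategory:"Process Creation" /r | ConvertFrom-Csv
$cmdLine   = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' `
                              -Name ProcessCreationIncludeCmdLine_Enabled -ErrorAction SilentlyContinue
[pscustomobject]@{
    ProcessCreationAudit = $procAudit.'Inclusion Setting'
    CommandLineCaptured  = ($cmdLine.ProcessCreationIncludeCmdLine_Enabled -eq 1)
} | Format-List
```

Run it on a representative workstation and server before and after applying the guide's settings; any log still reported as 'disabled', 'too small' or 'not present' marks a gap in what an investigation could later draw on.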