Top 12 Events to Monitor in the Windows Server Security Log

About this webinar

Recorded: February 6, 2018

Last year we spent a lot of time, and rightly so, on Active Directory and domain controllers. But don’t forget your member servers. That’s where your data actually resides and bad guys can make a lot of noise once inside a member server that you won’t hear if you are only watching Active Directory. There’s a wealth of security information available in their logs. In this webinar Randy Franklin Smith highlights the 12 most important things to monitor in the Security Log of your Windows servers:

  1. Audit policy changes
  2. User right assignments
  3. Local account authentication policy changes
  4. Local user account changes
  5. Local account enumeration
  6. Logon right changes
  7. Local group membership changes
  8. New software installed
  9. Failed logon attempts
  10. Any attempt to logon as local Administrator
  11. Firewall policy change
  12. New device attached
Hosted by
Adam Stetson,
Systems Engineer
Randy Franklin Smith,
CEO, Monterey Technology Group, Inc.

Deep Dive: Insider Threat Detection

Do organizations battle insider threats? They try to. Are they successful at mitigating the risk? Not so much. It’s a real challenge to spot malicious insiders before they cause damage, and even well-meaning users sometimes forget or ignore established information sharing and data protection protocols, especially those that seem arbitrary or inconvenient.

Join us in our new 25-minute deep dive demo to learn how to:

  • Determine whether your organization should be concerned about insider threats
  • Get concrete evidence of privilege abuse incidents
  • Be notified about high-risk insider threat patterns
  • Identify security weak spots so you can remediate them before they are exploited
19
February
12pm EST
19 February, 12pm EST
Register Now