Introducing Project Sauron – Centralised Storage of Windows Events – Domain Controller Edition

(Nearly) every customer I visit is lacking comprehensive security auditing in their downlevel DEV and UAT environments and sometimes even in their production environment. This scenario exists for a number of reasons. For some larger customers, the security logs roll so quickly that it’s considered “too hard” to even bother trying to archive them without…


Creating Custom Windows Event Forwarding Logs

You may have noticed recently that *we* Microsoft security people have kind of fallen in love with Windows Event Forwarding (WEF). Why? It's built into Windows itself, easily configurable and can collect a very large amount of coarsely or finely filtered events (including existing events) from any domain-joined machine with less than 30 minutes of…
